lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20090714.131224.205307048.davem@davemloft.net>
Date:	Tue, 14 Jul 2009 13:12:24 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	joerg.roedel@....com
Cc:	fujita.tomonori@....ntt.co.jp, reif@...thlink.net, mingo@...e.hu,
	sparclinux@...r.kernel.org, linux-kernel@...r.kernel.org,
	x86@...nel.org, tony.luck@...el.com, akpm@...ux-foundation.org
Subject: Re: [PATCH v2 0/8] sparc: use asm-generic/dma-mapping-common.h and
 pci-dma-compat.h

From: Joerg Roedel <joerg.roedel@....com>
Date: Tue, 14 Jul 2009 11:23:55 +0200

> On Tue, Jul 14, 2009 at 10:40:16AM +0900, FUJITA Tomonori wrote:
>> On Mon, 13 Jul 2009 20:56:21 -0400
>> Robert Reif <reif@...thlink.net> wrote:
>> 
>> > The bad address is within the kernel so it looks like
>> > it's catching a real bug.
>> > 
>> > cat kallsyms | grep f0007000
>> > f0007000 T trapbase_cpu3
>> > 
>> > WARNING: at lib/dma-debug.c:873 check_for_illegal_area+0xc8/0x100()
>> > esp ffd7ba30: DMA-API: device driver maps memory from kernel text or 
>> > rodata [addr=f0007000] [len=4096]
>> > Modules linked in: ext3 jbd sd_mod sun_esp esp_scsi scsi_transport_spi 
>> 
>> Ok, I looked at check_for_illegal_area() in dma-debug.
>> 
>> What check_for_illegal_area() does looks bogus to me with some of I/O
>> remapping hardware.
> 
> Can you be more specific about this one? check_for_illegal_area() should
> not depend on any hardware because all it does is checking the machine
> addresses to be mapped.

The check can't work properly on sparc32.

Sparc32 always maps the kernel to a fixed physical location, and it
therefore can execute in the identity mapping area of physical memory
like where all the free pages and kmalloc areas live virtually.

So if we free up some pages within the kernel image (because the
memory is unused, for exmple that's what's happening here with the
extra trap table pages on Robert's machine) we have pages in the free
page pool that are located right inside of the kernel text, data, etc.

We'll thus need a way to turn off these checks somehow.  You could
also augment this check by seeing if there is a backing page, and if
so, whether it is PageReserved or not.  That's just one idea.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ