lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170620093102.GB28157@leverpostej>
Date:   Tue, 20 Jun 2017 10:31:02 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc:     linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        arnd@...db.de, will.deacon@....com, gregkh@...uxfoundation.org
Subject: Re: [PATCH v3] drivers/char: kmem: disable on arm64

On Tue, Jun 20, 2017 at 08:59:00AM +0200, Ard Biesheuvel wrote:
> As it turns out, arm64 deviates from other architectures in the way it
> maps the VMALLOC region: on most (all?) other architectures, it resides
> strictly above the kernel's direct mapping of DRAM, but on arm64, this
> is the other way around. For instance, for a 48-bit VA configuration,
> we have
> 
>   modules : 0xffff000000000000 - 0xffff000008000000   (   128 MB)
>   vmalloc : 0xffff000008000000 - 0xffff7dffbfff0000   (129022 GB)
>   ...
>   vmemmap : 0xffff7e0000000000 - 0xffff800000000000   (  2048 GB maximum)
>             0xffff7e0000000000 - 0xffff7e0003ff0000   (    63 MB actual)
>   memory  : 0xffff800000000000 - 0xffff8000ffc00000   (  4092 MB)
> 
> This has mostly gone unnoticed until now, but it does appear that it
> breaks an assumption in the kcore read/write code, which does something
> like
> 
>   if (p < (unsigned long) high_memory) {
>     ... use straight copy_[to|from]_user() using p as virtual address ...
>   }
>   ...
>   if (count > 0) {
>     ... use vread/vwrite for accesses past high_memory ...
>   }
> 
> The first condition will inadvertently hold for the VMALLOC region if
> VMALLOC_START < PAGE_OFFSET [which is the case on arm64], but the read
> or write will subsequently fail the virt_addr_valid() check, resulting
> in a -ENXIO return value.
> 
> Given how kmem seems to be living in borrowed time anyway, and given
> the fact that nobody noticed that the read/write interface is broken
> on arm64 in the first place, let's not bother trying to fix it, but
> simply disable the /dev/kmem interface entirely for arm64.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>

FWIW:

Acked-by: Mark Rutland <mark.rutland@....com>

Mark.

> ---
> v3: improve commit log
> v2: disable /dev/kmem entirely rather than bandaiding it
> 
>  drivers/char/Kconfig | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
> index 31adbebf812e..8102ee7b3247 100644
> --- a/drivers/char/Kconfig
> +++ b/drivers/char/Kconfig
> @@ -17,6 +17,8 @@ config DEVMEM
>  
>  config DEVKMEM
>  	bool "/dev/kmem virtual device support"
> +	# On arm64, VMALLOC_START < PAGE_OFFSET, which confuses kmem read/write
> +	depends on !ARM64
>  	help
>  	  Say Y here if you want to support the /dev/kmem device. The
>  	  /dev/kmem device is rarely used, but can be used for certain
> -- 
> 2.7.4
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ