| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190318224653.26549-2-rcampbell@nvidia.com>
Date: Mon, 18 Mar 2019 15:46:53 -0700
From: <rcampbell@...dia.com>
To: <linux-kernel@...r.kernel.org>
CC: Ralph Campbell <rcampbell@...dia.com>,
Craig Bergstrom <craigb@...gle.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Fengguang Wu <fengguang.wu@...el.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Hans Verkuil <hans.verkuil@...co.com>,
Mauro Carvalho Chehab <mchehab@...pensource.com>,
Peter Zijlstra <peterz@...radead.org>,
Sander Eikelenboom <linux@...elenboom.it>,
Sean Young <sean@...s.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...nel.org>
Subject: [PATCH 1/1] x86/mm: Fix limit mmap() of /dev/mem to valid physical addresses
From: Ralph Campbell <rcampbell@...dia.com>
If CONFIG_DEBUG_VIRTUAL is enabled, a read or write to /dev/mem can
trigger a VIRTUAL_BUG_ON() depending on the value of high_memory.
For example:
read_mem()
valid_phys_addr_range(p=401f1550, count=8)
__pa(high_memory)
__phys_addr(x=ffffc88000000000)
// __START_KERNEL_map = ffffffff80000000
// y = ffffc88000000000 - ffffffff80000000
VIRTUAL_BUG_ON(phys_addr_valid(400000000000))
// boot_cpu_data.x86_phys_bits=46
Since by design high_memory is outside the range of valid physical
addresses, use the non-error checking version __pa_nodebug(high_memory).
Fixes: be62a32044061cb4a3b70a10598e093f1319102e ("x86/mm: Limit mmap() of
/dev/mem to valid physical addresses")
Signed-off-by: Ralph Campbell <rcampbell@...dia.com>
Cc: Craig Bergstrom <craigb@...gle.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
Cc: Fengguang Wu <fengguang.wu@...el.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Hans Verkuil <hans.verkuil@...co.com>
Cc: Mauro Carvalho Chehab <mchehab@...pensource.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Sander Eikelenboom <linux@...elenboom.it>
Cc: Sean Young <sean@...s.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...nel.org>
---
arch/x86/mm/mmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index db3165714521..196bed43d5e6 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -230,7 +230,7 @@ bool mmap_address_hint_valid(unsigned long addr, unsigned long len)
/* Can we access it for direct reading/writing? Must be RAM: */
int valid_phys_addr_range(phys_addr_t addr, size_t count)
{
- return addr + count <= __pa(high_memory);
+ return addr + count <= __pa_nodebug(high_memory);
}
/* Can we access it through mmap? Must be a valid physical address: */
--
2.20.1
Powered by blists - more mailing lists