lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <fa9d30ca-72fe-9ecf-b92c-e651fc117d42@redhat.com>
Date:   Mon, 16 Sep 2019 10:59:06 +0200
From:   David Hildenbrand <david@...hat.com>
To:     Alastair D'Silva <alastair@....ibm.com>, alastair@...ilva.org
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Oscar Salvador <osalvador@...e.com>,
        Michal Hocko <mhocko@...e.com>,
        Pavel Tatashin <pasha.tatashin@...een.com>,
        Wei Yang <richard.weiyang@...il.com>,
        Dan Williams <dan.j.williams@...el.com>, Qian Cai <cai@....pw>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Logan Gunthorpe <logang@...tatee.com>,
        Ira Weiny <ira.weiny@...el.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/2] mm: Add a bounds check in devm_memremap_pages()

On 16.09.19 08:05, Alastair D'Silva wrote:
> From: Alastair D'Silva <alastair@...ilva.org>
> 
> The call to check_hotplug_memory_addressable() validates that the memory
> is fully addressable.
> 
> Without this call, it is possible that we may remap pages that is
> not physically addressable, resulting in bogus section numbers
> being returned from __section_nr().
> 
> Signed-off-by: Alastair D'Silva <alastair@...ilva.org>
> ---
>  mm/memremap.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/mm/memremap.c b/mm/memremap.c
> index 86432650f829..fd00993caa3e 100644
> --- a/mm/memremap.c
> +++ b/mm/memremap.c
> @@ -269,6 +269,13 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap)
>  
>  	mem_hotplug_begin();
>  
> +	error = check_hotplug_memory_addressable(res->start,
> +						 resource_size(res));
> +	if (error) {
> +		mem_hotplug_done();
> +		goto err_checkrange;
> +	}

As I said in reply to v1, please move this out of the memory hotplug
lock. These are static checks.

> +
>  	/*
>  	 * For device private memory we call add_pages() as we only need to
>  	 * allocate and initialize struct page for the device memory. More-
> @@ -324,6 +331,7 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap)
>  
>   err_add_memory:
>  	kasan_remove_zero_shadow(__va(res->start), resource_size(res));
> + err_checkrange:
>   err_kasan:
>  	untrack_pfn(NULL, PHYS_PFN(res->start), resource_size(res));
>   err_pfn_remap:
> 


-- 

Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ