Message-ID: <20200326163625.30714-1-li.wang@windriver.com>
Date:   Thu, 26 Mar 2020 09:36:25 -0700
From:   Li Wang <li.wang@...driver.com>
To:     Catalin Marinas <catalin.marinas@....com>
CC:     <li.wang@...driver.com>, Will Deacon <will@...nel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>
Subject: [PATCH] arm64: mmu: no write cache for O_SYNC flag

reproduce steps:
1. disable CONFIG_STRICT_DEVMEM in linux kernel
2. Process A gets a Physical Address of global variable by
   "/proc/self/pagemap".
3. Process B writes a value to the same Physical Address by mmap():
   fd=open("/dev/mem",O_SYNC);
   Virtual Address=mmap(fd);

problem symptom:
after Process B writes a value to the Physical Address,
the value of the global variable in Process A does not change.
They both W/R the same Physical Address.

technical reason:
Process B writing the Physical Address is by the Virtual Address,
and the Virtual Address comes from "/dev/mem" and mmap().
In arm64 arch, the Virtual Address has write cache.
So, maybe the value is not written into Physical Address.

fix reason:
giving write cache flag in arm64 is in phys_mem_access_prot():
=====
arch/arm64/mm/mmu.c
phys_mem_access_prot()
{
  if (!pfn_valid(pfn))
    return pgprot_noncached(vma_prot);
  else if (file->f_flags & O_SYNC)
    return pgprot_writecombine(vma_prot);
  return vma_prot;
}
====
the other arch and the shared function phys_mem_access_prot() of drivers/char/mem.c
do not add the write cache flag.
So, remove the flag to fix the issue.

Signed-off-by: Li Wang <li.wang@...driver.com>
Cc: Catalin Marinas <catalin.marinas@....com>
Cc: Will Deacon <will@...nel.org>
Cc: linux-arm-kernel@...ts.infradead.org
Cc: linux-kernel@...r.kernel.org
---
 arch/arm64/mm/mmu.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 128f70852bf3..d7083965ca17 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -81,8 +81,6 @@ pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
 {
 	if (!pfn_valid(pfn))
 		return pgprot_noncached(vma_prot);
-	else if (file->f_flags & O_SYNC)
-		return pgprot_writecombine(vma_prot);
 	return vma_prot;
 }
 EXPORT_SYMBOL(phys_mem_access_prot);
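Review bot: with the "else if (file->f_flags & O_SYNC)" branch removed, the file argument of phys_mem_access_prot() is no longer read anywhere in the visible body, and an O_SYNC open no longer changes the protection returned for a pfn_valid() page: every such mapping now gets vma_prot unchanged. That changes behaviour for every caller that opens with O_SYNC, not only the /dev/mem reproducer in the commit message, so the message should state which memory attribute those mappings end up with and why dropping pgprot_writecombine() is acceptable for users that relied on it. A short comment above "return vma_prot;" saying that O_SYNC is deliberately ignored for valid RAM would keep the branch from being reintroduced later.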
-- 
2.24.1
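Added example, not part of the original posting or of the kernel tree: step 2 of the reproduce steps reads "/proc/self/pagemap", and this sketch shows how one 64-bit pagemap entry is decoded into a physical address. The names pagemap_decode, pagemap_read and global_var are hypothetical; since Linux 4.2 the kernel zeroes the PFN field for readers without CAP_SYS_ADMIN, which the decoder reports separately.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define PM_PRESENT  (1ULL << 63)        /* bit 63: page is present in RAM */
#define PM_PFN_MASK ((1ULL << 55) - 1)  /* bits 0-54: PFN when present */

/* Decode one pagemap entry. Returns 0 and sets *phys on success,
 * -1 if the page is not present, -2 if the kernel hid the PFN
 * (field is zero for readers without CAP_SYS_ADMIN). */
int pagemap_decode(uint64_t entry, uint64_t vaddr, long page_size, uint64_t *phys)
{
    if (!(entry & PM_PRESENT))
        return -1;
    uint64_t pfn = entry & PM_PFN_MASK;  /* drops the flag bits 55-63 */
    if (pfn == 0)
        return -2;
    *phys = pfn * (uint64_t)page_size + vaddr % (uint64_t)page_size;
    return 0;
}

/* Read the pagemap entry covering vaddr in the calling process. */
int pagemap_read(uint64_t vaddr, long page_size, uint64_t *entry)
{
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0)
        return -1;
    off_t off = (off_t)(vaddr / (uint64_t)page_size * sizeof(uint64_t));
    ssize_t n = -1;
    if (lseek(fd, off, SEEK_SET) != (off_t)-1)
        n = read(fd, entry, sizeof(*entry));
    close(fd);
    return n == (ssize_t)sizeof(*entry) ? 0 : -1;
}

static volatile int global_var = 1;  /* hypothetical stand-in for Process A's global */

int main(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    uint64_t va = (uint64_t)(uintptr_t)&global_var, entry, phys;
    global_var = 2;                  /* touch the page so it is present */
    if (pagemap_read(va, ps, &entry) != 0) { perror("pagemap"); return 1; }
    int rc = pagemap_decode(entry, va, ps, &phys);
    if (rc == 0)
        printf("va 0x%llx -> pa 0x%llx\n", (unsigned long long)va, (unsigned long long)phys);
    else
        printf("no PFN (rc=%d): %s\n", rc, rc == -2 ? "hidden, needs CAP_SYS_ADMIN" : "not present");
    return 0;
}
```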
