| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201207120527.GA4474@willie-the-truck>
Date: Mon, 7 Dec 2020 12:05:27 +0000
From: Will Deacon <will@...nel.org>
To: Robin Murphy <robin.murphy@....com>
Cc: Keqian Zhu <zhukeqian1@...wei.com>, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
iommu@...ts.linux-foundation.org, Marc Zyngier <maz@...nel.org>,
Joerg Roedel <joro@...tes.org>,
Catalin Marinas <catalin.marinas@....com>,
James Morse <james.morse@....com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Sean Christopherson <sean.j.christopherson@...el.com>,
Julien Thierry <julien.thierry.kdev@...il.com>,
Mark Brown <broonie@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Andrew Morton <akpm@...ux-foundation.org>,
Alexios Zavras <alexios.zavras@...el.com>,
wanghaibin.wang@...wei.com, jiangkunkun@...wei.com
Subject: Re: [PATCH] iommu: Up front sanity check in the arm_lpae_map
On Mon, Dec 07, 2020 at 12:01:09PM +0000, Robin Murphy wrote:
> On 2020-12-05 08:29, Keqian Zhu wrote:
> > ... then we have more chance to detect wrong code logic.
>
> I don't follow that justification - it's still the same check with the same
> outcome, so how does moving it have any effect on the chance to detect
> errors?
>
> AFAICS the only difference it would make is to make some errors *less*
> obvious - if a sufficiently broken caller passes an empty prot value
> alongside an invalid size or already-mapped address, this will now quietly
> hide the warnings from the more serious condition(s).
>
> Yes, it will bail out a bit faster in the specific case where the prot value
> is the only thing wrong, but since when do we optimise for fundamentally
> incorrect API usage?
I thought it was the other way round -- doesn't this patch move the "empty
prot" check later, so we have a chance to check the size and addresses
first?
Will
> > Signed-off-by: Keqian Zhu <zhukeqian1@...wei.com>
> > ---
> > drivers/iommu/io-pgtable-arm.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
> > index a7a9bc08dcd1..8ade72adab31 100644
> > --- a/drivers/iommu/io-pgtable-arm.c
> > +++ b/drivers/iommu/io-pgtable-arm.c
> > @@ -444,10 +444,6 @@ static int arm_lpae_map(struct io_pgtable_ops *ops, unsigned long iova,
> > arm_lpae_iopte prot;
> > long iaext = (s64)iova >> cfg->ias;
> > - /* If no access, then nothing to do */
> > - if (!(iommu_prot & (IOMMU_READ | IOMMU_WRITE)))
> > - return 0;
> > -
> > if (WARN_ON(!size || (size & cfg->pgsize_bitmap) != size))
> > return -EINVAL;
> > @@ -456,6 +452,10 @@ static int arm_lpae_map(struct io_pgtable_ops *ops, unsigned long iova,
> > if (WARN_ON(iaext || paddr >> cfg->oas))
> > return -ERANGE;
> > + /* If no access, then nothing to do */
> > + if (!(iommu_prot & (IOMMU_READ | IOMMU_WRITE)))
> > + return 0;
> > +
> > prot = arm_lpae_prot_to_pte(data, iommu_prot);
> > ret = __arm_lpae_map(data, iova, paddr, size, prot, lvl, ptep, gfp);
> > /*
> >
Powered by blists - more mailing lists