| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210121151206.GI48431@C02TD0UTHF1T.local>
Date: Thu, 21 Jan 2021 15:12:06 +0000
From: Mark Rutland <mark.rutland@....com>
To: Vincenzo Frascino <vincenzo.frascino@....com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
kasan-dev@...glegroups.com,
Andrey Konovalov <andreyknvl@...gle.com>,
Leon Romanovsky <leonro@...lanox.com>,
Alexander Potapenko <glider@...gle.com>,
Catalin Marinas <catalin.marinas@....com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Will Deacon <will@...nel.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Ard Biesheuvel <ardb@...nel.org>
Subject: Re: [PATCH v2 1/2] arm64: Fix kernel address detection of
__is_lm_address()
[adding Ard]
On Thu, Jan 21, 2021 at 01:19:55PM +0000, Vincenzo Frascino wrote:
> Currently, the __is_lm_address() check just masks out the top 12 bits
> of the address, but if they are 0, it still yields a true result.
> This has as a side effect that virt_addr_valid() returns true even for
> invalid virtual addresses (e.g. 0x0).
When it was added, __is_lm_address() was intended to distinguish valid
kernel virtual addresses (i.e. those in the TTBR1 address range), and
wasn't intended to do anything for addresses outside of this range. See
commit:
ec6d06efb0bac6cd ("arm64: Add support for CONFIG_DEBUG_VIRTUAL")
... where it simply tests a bit.
So I believe that it's working as intended (though this is poorly
documented), but I think you're saying that usage isn't aligned with
that intent. Given that, I'm not sure the fixes tag is right; I think it
has never had the semantic you're after.
I had thought the same was true for virt_addr_valid(), and that wasn't
expected to be called for VAs outside of the kernel VA range. Is it
actually safe to call that with NULL on other architectures?
I wonder if it's worth virt_addr_valid() having an explicit check for
the kernel VA range, instead.
> Fix the detection checking that it's actually a kernel address starting
> at PAGE_OFFSET.
>
> Fixes: f4693c2716b35 ("arm64: mm: extend linear region for 52-bit VA configurations")
> Cc: Catalin Marinas <catalin.marinas@....com>
> Cc: Will Deacon <will@...nel.org>
> Suggested-by: Catalin Marinas <catalin.marinas@....com>
> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@....com>
> ---
> arch/arm64/include/asm/memory.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
> index 18fce223b67b..e04ac898ffe4 100644
> --- a/arch/arm64/include/asm/memory.h
> +++ b/arch/arm64/include/asm/memory.h
> @@ -249,7 +249,7 @@ static inline const void *__tag_set(const void *addr, u8 tag)
> /*
> * The linear kernel range starts at the bottom of the virtual address space.
> */
> -#define __is_lm_address(addr) (((u64)(addr) & ~PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET))
> +#define __is_lm_address(addr) (((u64)(addr) ^ PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET))
If we're going to make this stronger, can we please expand the comment
with the intended semantic? Otherwise we're liable to break this in
future.
Thanks,
Mark.
Powered by blists - more mailing lists