lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ba014ac1-6a83-7b11-e9a7-e6ad9ba1aa62@flygoat.com>
Date:   Fri, 26 Feb 2021 14:52:57 +0800
From:   Jiaxun Yang <jiaxun.yang@...goat.com>
To:     Jinyang He <hejinyang@...ngson.cn>,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        John Crispin <john@...ozen.org>
Cc:     "linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC] MIPS: Remove detect_memory_region()

在 2021/2/26 上午9:37, Jinyang He 写道:
> On 02/24/2021 11:40 PM, Jiaxun Yang wrote:
>
>>
>> On Wed, Feb 24, 2021, at 9:02 PM, Jinyang He wrote:
>>> detect_memory_region() was committed by Commit 4d9f77d25268 ("MIPS: add
>>> detect_memory_region()"). Then it was equipped by Commit dd63b00804a5
>>> ("MIPS: ralink: make use of the new memory detection code") and
>>> Commit 9b75733b7b5e ("MIPS: ath79: make use of the new memory detection
>>> code"). Its code is based on early ath79 platform code.
>>>
>>> What puzzles me is that how memcmp() detect the memory region. If 
>>> `break`
>>> was touched, the function could make sense. That means memcmp() should
>>> return zero. Otherwise, the loop will be end by size > sz_max.
>>>
>>> I have tested detect_memory_region() on Loongson64 3A3000. On our 
>>> design,
>>> kseg0 low 256MB maps real memory and kseg0 high 256MB maps IO/PCI. The
>>> function runs and last stopped on kseg1 where is uncached. In this 
>>> process
>>> memcmp also returned non-zero when detected kseg0 high 256MB. Then I 
>>> did
>>> another thing. memcpy first and test memcmp then (after &_end). It 
>>> works
>>> well on 3A3000 but badly on 3A4000. Maybe because kseg0 high 256MB maps
>>> IO/PCI and it is dangerous to write like write memory.
>>>
>>> At last, read memory from where is not memory region may always 
>>> return 0.
>>> (Or trigger exception.) This function have been used several years and
>>> seems no error occur. Maybe it's a fallback way.
>> That is not true for other platforms like ath79 or mtk.
>> They'll wrap around or return 0xffffffff for out of boundary accessing.
>>
>> Loongson does not apply to this case as it have special "Address Window"
>> design to accurately describe address regions.
>> Any access beyond described windows will be handled by MC and return 
>> 0 or random stuff.
>>
>> Again, please don't make changes because you can.
>>
>> Thanks.
>>
>> - Jiaxun
>
> Hi, Jiaxun,
>
> Thank you for answering this puzzle for me in detail.
>
> Assume that the machine has 8MB real memory and dm address is (base + 
> 3M).
> When size = 8MB, there will be a phenomenon of `wrap around`, the actual
> content of (dm + 8M + 3M) is content of (dm + 3M), so it will trigger
> `break`, right? At this time, the kernel will add 8M to the memory.

Hi Jingyang,

How can you boot kernel with 8M memory in present days ;-)
(Ohh with respect to Nintendo64 developer who had proven it's possible)

For what I can say, detect_memory_region exists because many devices
doesn't have a way to pass memory size information from bootloader to
kernel. Or their bootloader even don't care about memory size.

Kernel needs it to get memory size correctly. Although it seems fragile.

That's life, we must accept imperfect past and don't repeat it in future.

Thanks.

- Jiaxun


>
> Thanks,
> Jinyang
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ