| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 May 2021 14:18:53 +0100
From: "Russell King (Oracle)" <linux@...linux.org.uk>
To: Krzysztof Hałasa <khalasa@...p.pl>
Cc: linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: Data corruption on i.MX6 IPU in arm_copy_from_user()
On Wed, May 26, 2021 at 02:29:07PM +0200, Krzysztof Hałasa wrote:
> "Russell King (Oracle)" <linux@...linux.org.uk> writes:
>
> > Surely someone is not using copy_*_user() to copy data from userspace
> > direct to MMIO space... that would be crazy.
>
> No, it's the other way around: reading MMIO mapped to userspace (mmap
> on /dev/mem) and copying it to simple kernel buffer (e.g. pipe buffer).
> I.e., the MMIO is the userspace here (thus copy_from_user()).
Ah. I think we assume copy_from_user() will be used on memory only and
not device mappings.
In any case, looking at the architecture reference manual, LDM is
permitted on device and strongly ordered mappings, and the memory
subsystem is required to decompose it into a series of 32-bit accesses.
So, it sounds to me like there could be a hardware bug in the buses/IPU
causing this.
Can you try using LDM directly inside the kernel and seeing what effect
it has when reading the IPU? A simple test module should be sufficient.
I suspect it'll show the same thing - basically, that using LDM to the
IPU is broken.
Thanks.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
Powered by blists - more mailing lists