Date:   Sat, 31 Jul 2021 10:50:57 +0800
From:   Liang Wang <wangliang101@...wei.com>
To:     <palmerdabbelt@...gle.com>, <mcgrof@...nel.org>,
        <linux-kernel@...r.kernel.org>, <gregkh@...uxfoundation.org>,
        <linux@...linux.org.uk>, <linux-arm-kernel@...ts.infradead.org>
CC:     <stable@...r.kernel.org>, <wangliang101@...wei.com>,
        <wangle6@...wei.com>, <kepler.chenxin@...wei.com>,
        <nixiaoming@...wei.com>, <wangkefeng.wang@...wei.com>
Subject: [PATCH v3] lib: Use PFN_PHYS() in devmem_is_allowed()

The physical address may exceed 32 bits on 32-bit systems with
more than 32 bits of physical address. Use PFN_PHYS() in devmem_is_allowed(),
or the physical address may overflow and be truncated.
We found this bug when mapping a high address through the devmem tool:
when CONFIG_STRICT_DEVMEM is enabled on ARM with ARM_LPAE and devmem
is used to map a high address that is not in the iomem address range,
an unexpected error indicating no permission is returned.

This bug was initially introduced in v2.6.37, and the function was moved
to lib in v5.11.

Cc: Luis Chamberlain <mcgrof@...nel.org>
Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem")
Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()")
Cc: stable@...r.kernel.org # v2.6.37
Signed-off-by: Liang Wang <wangliang101@...wei.com>
---
v3: update changelog suggested by Luis Chamberlain <mcgrof@...nel.org>
 lib/devmem_is_allowed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/devmem_is_allowed.c b/lib/devmem_is_allowed.c
index c0d67c541849..60be9e24bd57 100644
--- a/lib/devmem_is_allowed.c
+++ b/lib/devmem_is_allowed.c
@@ -19,7 +19,7 @@
  */
 int devmem_is_allowed(unsigned long pfn)
 {
-	if (iomem_is_exclusive(pfn << PAGE_SHIFT))
+	if (iomem_is_exclusive(PFN_PHYS(pfn)))
 		return 0;
 	if (!page_is_ram(pfn))
 		return 1;
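Review bot: the stable tag asks for v2.6.37, but the only file touched is lib/devmem_is_allowed.c, which per the changelog has held this function only since v5.11, so stable trees older than that cannot take this patch as is and need separate backports against wherever devmem_is_allowed() lived before the move. On the changed line, PFN_PHYS() comes from <linux/pfn.h>; the hunk starts at line 19 and does not show the includes, so please confirm the header is included directly rather than reached through another include.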
-- 
2.32.0
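
The truncation described in the changelog above, modelled in user space as an added example that is not part of the original post or of the kernel source. It assumes a 32-bit `unsigned long`, a 64-bit physical address type as with ARM_LPAE, and a PAGE_SHIFT of 12; the exclusive region, the sample pfn and all `model_`/`addr_`/`allowed_` names are constructed for illustration, and only the first check of devmem_is_allowed() is modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumed 4 KiB pages */

/* Model types: 32-bit unsigned long, 64-bit phys_addr_t (as with ARM_LPAE). */
typedef uint32_t ulong32;
typedef uint64_t phys_model;

struct region { phys_model start, end; };

/* Constructed sample: one exclusive I/O region below 4 GiB. */
static const struct region exclusive[] = {
    { 0x40000000ULL, 0x4fffffffULL },
};

/* Stand-in for iomem_is_exclusive(): is addr inside an exclusive region? */
static int model_is_exclusive(phys_model addr)
{
    for (size_t i = 0; i < sizeof(exclusive) / sizeof(exclusive[0]); i++)
        if (addr >= exclusive[i].start && addr <= exclusive[i].end)
            return 1;
    return 0;
}

/* Before the patch: the shift happens in 32 bits, so bits 32 and up are lost. */
static phys_model addr_before(ulong32 pfn)
{
    return (ulong32)(pfn << PAGE_SHIFT);
}

/* After the patch: widen first, then shift, which is what PFN_PHYS() does. */
static phys_model addr_after(ulong32 pfn)
{
    return (phys_model)pfn << PAGE_SHIFT;
}

/* First check of devmem_is_allowed() only; the pfn is assumed not to be RAM. */
static int allowed_before(ulong32 pfn) { return !model_is_exclusive(addr_before(pfn)); }
static int allowed_after(ulong32 pfn)  { return !model_is_exclusive(addr_after(pfn)); }

int main(void)
{
    ulong32 pfn = 0x840000; /* page at physical address 0x840000000, above 4 GiB */
    printf("before: addr=0x%llx allowed=%d\n",
           (unsigned long long)addr_before(pfn), allowed_before(pfn));
    printf("after:  addr=0x%llx allowed=%d\n",
           (unsigned long long)addr_after(pfn), allowed_after(pfn));
    return 0;
}
```

The truncated address aliases into the exclusive region, so the unpatched check refuses a page that lies outside every exclusive range, which matches the unexpected permission error reported above.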
