lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 3 Sep 2021 17:03:39 +0800
From:   Nanyong Sun <sunnanyong@...wei.com>
To:     <mpe@...erman.id.au>, <benh@...nel.crashing.org>,
        <paulus@...ba.org>, <akpm@...ux-foundation.org>,
        <npiggin@...il.com>, <christophe.leroy@....fr>
CC:     <linuxppc-dev@...ts.ozlabs.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH -next] powerpc/mm: check base flags in ioremap_prot

Some drivers who call ioremap_prot without setting base flags like
ioremap_prot(addr, len, 0) may work well before
commit 56f3c1413f5c ("powerpc/mm: properly set PAGE_KERNEL flags in
ioremap()"), but now they will get a virtual address "successfully"
from ioremap_prot and badly fault on memory access later because that
patch also dropped the hack adding of base flags for ioremap_prot.

So return NULL and throw a warning if the caller of ioremap_prot did
not set base flags properly. Why not just hack adding PAGE_KERNEL flags
in the ioremap_prot, because most scenarios can be covered by high level
functions like ioremap(), ioremap_coherent(), ioremap_cache()...
so it is better to keep max flexibility for this low level api.

Signed-off-by: Nanyong Sun <sunnanyong@...wei.com>
---
 arch/powerpc/mm/ioremap.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/powerpc/mm/ioremap.c b/arch/powerpc/mm/ioremap.c
index 57342154d2b0..b7eda0f0d04d 100644
--- a/arch/powerpc/mm/ioremap.c
+++ b/arch/powerpc/mm/ioremap.c
@@ -46,6 +46,10 @@ void __iomem *ioremap_prot(phys_addr_t addr, unsigned long size, unsigned long f
 	pte_t pte = __pte(flags);
 	void *caller = __builtin_return_address(0);
 
+	/* The caller should set base page flags properly */
+	if (WARN_ON((flags & _PAGE_PRESENT) == 0))
+		return NULL;
+
 	/* writeable implies dirty for kernel addresses */
 	if (pte_write(pte))
 		pte = pte_mkdirty(pte);
-- 
2.18.0.huawei.25

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ