lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c81305b0-c419-362a-073b-65150497d1d7@arm.com>
Date:   Tue, 7 Dec 2021 11:42:33 +0000
From:   Robin Murphy <robin.murphy@....com>
To:     yf.wang@...iatek.com, will@...nel.org
Cc:     Guangming.Cao@...iatek.com, Libo.Kang@...iatek.com,
        iommu@...ts.linux-foundation.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-mediatek@...ts.infradead.org, matthias.bgg@...il.com,
        wsd_upstream@...iatek.com, stable@...r.kernel.org
Subject: Re: [PATCH v3] iommu/io-pgtable-arm-v7s: Add error handle for page
 table allocation failure

On 2021-12-07 11:33, yf.wang@...iatek.com wrote:
> From: Yunfei Wang <yf.wang@...iatek.com>
> 
> In __arm_v7s_alloc_table function:
> iommu call kmem_cache_alloc to allocate page table, this function
> allocate memory may fail, when kmem_cache_alloc fails to allocate
> table, call virt_to_phys will be abnomal and return unexpected phys
> and goto out_free, then call kmem_cache_free to release table will
> trigger KE, __get_free_pages and free_pages have similar problem,
> so add error handle for page table allocation failure.
> 
> Fixes: 29859aeb8a6ea ("iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE")
> Signed-off-by: Yunfei Wang <yf.wang@...iatek.com>
> Cc: <stable@...r.kernel.org> # 5.10.*

Is this genuinely a realistic issue which distro users can hit? In 
practice, a system that can't allocate 2KB is already dead and almost 
certainly isn't coming back either way.

Still, v3 has managed to address my other review comments before I'd 
even finished writing them, so for the change itself,

Acked-by: Robin Murphy <robin.murphy@....com>

Thanks,
Robin.

> ---
> v3: Update patch
>      1. Remove unnecessary log print as suggested by Will.
>      2. Remove unnecessary condition check.
> v2: Cc stable@...r.kernel.org
>      1. This patch needs to be merged stable branch, add stable@...r.kernel.org
>         in mail list.
>      2. There is No new code change in v2.
> 
> ---
>   drivers/iommu/io-pgtable-arm-v7s.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c
> index bfb6acb651e5..be066c1503d3 100644
> --- a/drivers/iommu/io-pgtable-arm-v7s.c
> +++ b/drivers/iommu/io-pgtable-arm-v7s.c
> @@ -246,13 +246,17 @@ static void *__arm_v7s_alloc_table(int lvl, gfp_t gfp,
>   			__GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size));
>   	else if (lvl == 2)
>   		table = kmem_cache_zalloc(data->l2_tables, gfp);
> +
> +	if (!table)
> +		return NULL;
> +
>   	phys = virt_to_phys(table);
>   	if (phys != (arm_v7s_iopte)phys) {
>   		/* Doesn't fit in PTE */
>   		dev_err(dev, "Page table does not fit in PTE: %pa", &phys);
>   		goto out_free;
>   	}
> -	if (table && !cfg->coherent_walk) {
> +	if (!cfg->coherent_walk) {
>   		dma = dma_map_single(dev, table, size, DMA_TO_DEVICE);
>   		if (dma_mapping_error(dev, dma))
>   			goto out_free;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ