lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 19 Apr 2022 14:19:21 -0700
From:   Tony Luck <tony.luck@...el.com>
To:     "Rafael J. Wysocki" <rafael@...nel.org>
Cc:     Len Brown <lenb@...nel.org>, James Morse <james.morse@....com>,
        Borislav Petkov <bp@...en8.de>, linux-acpi@...r.kernel.org,
        linux-kernel@...r.kernel.org, patches@...ts.linux.dev,
        Tony Luck <tony.luck@...el.com>
Subject: [PATCH] ACPI, APEI, EINJ: Refuse to inject into the zero page

Some validation tests dynamically inject errors into memory used by
applications to check that the system can recover from a variety of
poison consumption sceenarios.

But sometimes the virtual address picked by these tests is mapped to
the zero page.

This causes additional unexpected machine checks as other processes that
map the zero page also consume the poison.

Disallow injection to the zero page.

Signed-off-by: Tony Luck <tony.luck@...el.com>

---
I picked -EADDRINUSE as a somewhat descriptive error code distinct
fromm -EINVAL used elsewhere in EINJ, but I'm not strongly attached
to it. Any other non -EINVAL value would be as good an indicator to
the validation tests that they shouldn't inject to this address.
---
 drivers/acpi/apei/einj.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
index 95cc2a9f3e05..d4326ec12d29 100644
--- a/drivers/acpi/apei/einj.c
+++ b/drivers/acpi/apei/einj.c
@@ -549,6 +549,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
 	     !arch_is_platform_page(base_addr)))
 		return -EINVAL;
 
+	if (is_zero_pfn(base_addr >> PAGE_SHIFT))
+		return -EADDRINUSE;
+
 inject:
 	mutex_lock(&einj_mutex);
 	rc = __einj_error_inject(type, flags, param1, param2, param3, param4);
-- 
2.35.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ