lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87r06h3stk.fsf@all.your.base.are.belong.to.us>
Date: Mon, 09 Dec 2024 14:10:47 +0100
From: Björn Töpel <bjorn@...nel.org>
To: Xu Lu <luxu.kernel@...edance.com>, paul.walmsley@...ive.com,
 palmer@...belt.com, alexghiti@...osinc.com, bjorn@...osinc.com
Cc: lihangjing@...edance.com, xieyongji@...edance.com,
 linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org, Xu Lu
 <luxu.kernel@...edance.com>
Subject: Re: [PATCH v4] riscv: mm: Fix the out of bound issue of vmemmap
 address

Xu Lu <luxu.kernel@...edance.com> writes:

> In sparse vmemmap model, the virtual address of vmemmap is calculated as:
> ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)).
> And the struct page's va can be calculated with an offset:
> (vmemmap + (pfn)).
>
> However, when initializing struct pages, kernel actually starts from the
> first page from the same section that phys_ram_base belongs to. If the
> first page's physical address is not (phys_ram_base >> PAGE_SHIFT), then
> we get an va below VMEMMAP_START when calculating va for it's struct page.
>
> For example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the
> first page in the same section is actually pfn 0x80000. During
> init_unavailable_range(), we will initialize struct page for pfn 0x80000
> with virtual address ((struct page *)VMEMMAP_START - 0x2000), which is
> below VMEMMAP_START as well as PCI_IO_END.
>
> This commit fixes this bug by introducing a new variable
> 'vmemmap_start_pfn' which is aligned with memory section size and using
> it to calculate vmemmap address instead of phys_ram_base.
>
> Fixes: a11dd49dcb93 ("riscv: Sparse-Memory/vmemmap out-of-bounds fix")
> Signed-off-by: Xu Lu <luxu.kernel@...edance.com>

Verified that the kernel is not trying to access vmemmap/struct pages
below VMEMMAP_START.

Tested-by: Björn Töpel <bjorn@...osinc.com>
Reviewed-by: Björn Töpel <bjorn@...osinc.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ