From patchwork Mon Aug 1 09:42:19 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: zijun_hu X-Patchwork-Id: 9254119 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3716A60865 for ; Mon, 1 Aug 2016 09:44:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 12B2028460 for ; Mon, 1 Aug 2016 09:44:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0581C28495; Mon, 1 Aug 2016 09:44:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, FREEMAIL_FROM,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.9]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 909DA28460 for ; Mon, 1 Aug 2016 09:44:34 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.85_2 #1 (Red Hat Linux)) id 1bU9kb-00076t-E8; Mon, 01 Aug 2016 09:43:09 +0000 Received: from sender153-mail.zoho.com ([74.201.84.153]) by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat Linux)) id 1bU9kW-00070q-1D for linux-arm-kernel@lists.infradead.org; Mon, 01 Aug 2016 09:43:05 +0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=to:cc:from:subject:message-id:date:user-agent:mime-version:content-type; b=s4ft4wdToWHI8fsS/6HCp8tP2Y7T5zHPOOC2krLQj1l/h8+O6Ojh3tZ1/pGUvX9kvaO8q/5djEqO oWedMCT7Anzjtqz446dntePUQKVgHyCU/nDDiUxPpEKzrO5pC0v4 Received: from [10.46.32.234] (101.231.239.152 [101.231.239.152]) by mx.zohomail.com with SMTPS id 1470044550289216.9436957261346; Mon, 1 Aug 2016 02:42:30 -0700 (PDT) To: catalin.marinas@arm.com, will.deacon@arm.com, linux-arm-kernel@lists.infradead.org, ard.biesheuvel@linaro.org, mark.rutland@arm.com, labbott@fedoraproject.org, suzuki.poulose@arm.com, jeremy.linton@arm.com, tj@kernel.org From: zijun_hu Subject: [PATCH] arm64: fix address fault during mapping fdt region Message-ID: <579F197B.80101@zoho.com> Date: Mon, 1 Aug 2016 17:42:19 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160801_024304_253035_7D1A35BF X-CRM114-Status: GOOD ( 14.72 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: zijun_hu@htc.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP From 07b9216ec3494515e7a6c41e0333eb8782427db3 Mon Sep 17 00:00:00 2001 From: zijun_hu Date: Mon, 1 Aug 2016 17:04:59 +0800 Subject: [PATCH] arm64: fix address fault during mapping fdt region fdt_check_header() accesses other fileds of fdt header but the first 8 bytes such as version; so accessing unmapped address fault happens if fdt region locates below align boundary nearly during mapping fdt region, or expressed as (offset + sizeof(struct fdt_header)) > SWAPPER_BLOCK_SIZE fdt header size at least is mapped in order to avoid the issue Signed-off-by: zijun_hu --- arch/arm64/mm/mmu.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 0f85a46..0d72b71 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -744,6 +744,7 @@ void *__init __fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot) const u64 dt_virt_base = __fix_to_virt(FIX_FDT); int offset; void *dt_virt; + int dt_header_map_size; /* * Check whether the physical FDT address is set and meets the minimum @@ -774,9 +775,18 @@ void *__init __fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot) offset = dt_phys % SWAPPER_BLOCK_SIZE; dt_virt = (void *)dt_virt_base + offset; + /* + * fdt_check_header() maybe access any field of fdt header not + * the first 8 bytes only, so map fdt header size at least for + * checking fdt header without address fault more portably + */ + BUILD_BUG_ON(sizeof(struct fdt_header) > SWAPPER_BLOCK_SIZE); + dt_header_map_size = round_up(offset + sizeof(struct fdt_header), + SWAPPER_BLOCK_SIZE); + /* map the first chunk so we can read the size from the header */ create_mapping_noalloc(round_down(dt_phys, SWAPPER_BLOCK_SIZE), - dt_virt_base, SWAPPER_BLOCK_SIZE, prot); + dt_virt_base, dt_header_map_size, prot); if (fdt_check_header(dt_virt) != 0) return NULL; @@ -785,7 +795,7 @@ void *__init __fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot) if (*size > MAX_FDT_SIZE) return NULL; - if (offset + *size > SWAPPER_BLOCK_SIZE) + if (offset + *size > dt_header_map_size) create_mapping_noalloc(round_down(dt_phys, SWAPPER_BLOCK_SIZE), dt_virt_base, round_up(offset + *size, SWAPPER_BLOCK_SIZE), prot);