[v3] lib: Use PFN_PHYS() in devmem_is_allowed()

Message ID	20210731025057.78825-1-wangliang101@huawei.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=3K8N=MX=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D097460F3A From: Liang Wang <wangliang101@huawei.com> To: <palmerdabbelt@google.com>, <mcgrof@kernel.org>, <linux-kernel@vger.kernel.org>, <gregkh@linuxfoundation.org>, <linux@armlinux.org.uk>, <linux-arm-kernel@lists.infradead.org> CC: <stable@vger.kernel.org>, <wangliang101@huawei.com>, <wangle6@huawei.com>, <kepler.chenxin@huawei.com>, <nixiaoming@huawei.com>, <wangkefeng.wang@huawei.com> Subject: [PATCH v3] lib: Use PFN_PHYS() in devmem_is_allowed() Date: Sat, 31 Jul 2021 10:50:57 +0800 Message-ID: <20210731025057.78825-1-wangliang101@huawei.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	[v3] lib: Use PFN_PHYS() in devmem_is_allowed() \| expand [v3] lib: Use PFN_PHYS() in devmem_is_allowed()

Message ID

20210731025057.78825-1-wangliang101@huawei.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D097460F3A
From: Liang Wang <wangliang101@huawei.com>
To: <palmerdabbelt@google.com>, <mcgrof@kernel.org>,
 <linux-kernel@vger.kernel.org>, <gregkh@linuxfoundation.org>,
 <linux@armlinux.org.uk>, <linux-arm-kernel@lists.infradead.org>
CC: <stable@vger.kernel.org>, <wangliang101@huawei.com>, <wangle6@huawei.com>,
 <kepler.chenxin@huawei.com>, <nixiaoming@huawei.com>,
 <wangkefeng.wang@huawei.com>
Subject: [PATCH v3] lib: Use PFN_PHYS() in devmem_is_allowed()
Date: Sat, 31 Jul 2021 10:50:57 +0800
Message-ID: <20210731025057.78825-1-wangliang101@huawei.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

[v3] lib: Use PFN_PHYS() in devmem_is_allowed() | expand

Commit Message

Liang Wang July 31, 2021, 2:50 a.m. UTC

The physical address may exceed 32 bits on 32-bit systems with
more than 32 bits of physcial address,use PFN_PHYS() in devmem_is_allowed(),
or the physical address may overflow and be truncated.
We found this bug when mapping a high addresses through devmem tool,
when CONFIG_STRICT_DEVMEM is enabled on the ARM with ARM_LPAE and devmem
is used to map a high address that is not in the iomem address range,
an unexpected error indicating no permission is returned.

This bug was initially introduced from v2.6.37, and the function was moved
to lib when v5.11.

Cc: Luis Chamberlain <mcgrof@kernel.org>
Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem")
Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()")
Cc: stable@vger.kernel.org # v2.6.37
Signed-off-by: Liang Wang <wangliang101@huawei.com>
---
v3: update changelog suggested by Luis Chamberlain <mcgrof@kernel.org>
 lib/devmem_is_allowed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Luis Chamberlain Aug. 2, 2021, 10:40 p.m. UTC | #1

On Sat, Jul 31, 2021 at 10:50:57AM +0800, Liang Wang wrote:
> The physical address may exceed 32 bits on 32-bit systems with
> more than 32 bits of physcial address,use PFN_PHYS() in devmem_is_allowed(),
> or the physical address may overflow and be truncated.
> We found this bug when mapping a high addresses through devmem tool,
> when CONFIG_STRICT_DEVMEM is enabled on the ARM with ARM_LPAE and devmem
> is used to map a high address that is not in the iomem address range,
> an unexpected error indicating no permission is returned.
> 
> This bug was initially introduced from v2.6.37, and the function was moved
> to lib when v5.11.
> 
> Cc: Luis Chamberlain <mcgrof@kernel.org>
> Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem")
> Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()")
> Cc: stable@vger.kernel.org # v2.6.37
> Signed-off-by: Liang Wang <wangliang101@huawei.com>

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>

  Luis

Kefeng Wang Aug. 4, 2021, 5:01 a.m. UTC | #2

On 2021/7/31 10:50, Liang Wang wrote:
> The physical address may exceed 32 bits on 32-bit systems with
> more than 32 bits of physcial address,use PFN_PHYS() in devmem_is_allowed(),
> or the physical address may overflow and be truncated.
> We found this bug when mapping a high addresses through devmem tool,
> when CONFIG_STRICT_DEVMEM is enabled on the ARM with ARM_LPAE and devmem
> is used to map a high address that is not in the iomem address range,
> an unexpected error indicating no permission is returned.
>
> This bug was initially introduced from v2.6.37, and the function was moved
> to lib when v5.11.
>
> Cc: Luis Chamberlain <mcgrof@kernel.org>
> Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem")
> Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()")
> Cc: stable@vger.kernel.org # v2.6.37
> Signed-off-by: Liang Wang <wangliang101@huawei.com>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>

Palmer Dabbelt Aug. 4, 2021, 5:14 a.m. UTC | #3

On Tue, 03 Aug 2021 22:01:46 PDT (-0700), wangkefeng.wang@huawei.com wrote:
>
> On 2021/7/31 10:50, Liang Wang wrote:
>> The physical address may exceed 32 bits on 32-bit systems with
>> more than 32 bits of physcial address,use PFN_PHYS() in devmem_is_allowed(),
>> or the physical address may overflow and be truncated.
>> We found this bug when mapping a high addresses through devmem tool,
>> when CONFIG_STRICT_DEVMEM is enabled on the ARM with ARM_LPAE and devmem
>> is used to map a high address that is not in the iomem address range,
>> an unexpected error indicating no permission is returned.
>>
>> This bug was initially introduced from v2.6.37, and the function was moved
>> to lib when v5.11.
>>
>> Cc: Luis Chamberlain <mcgrof@kernel.org>
>> Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem")
>> Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()")
>> Cc: stable@vger.kernel.org # v2.6.37
>> Signed-off-by: Liang Wang <wangliang101@huawei.com>
> Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>

Weird, it's still only your replies that are coming through.  Given that 
this only manifests on 32-bit Arm systems, I'm going to leave this up to 
them for now.

Acked-by: Palmer Dabbelt <palmerdabbelt@google.com>

diff --git a/lib/devmem_is_allowed.c b/lib/devmem_is_allowed.c
index c0d67c541849..60be9e24bd57 100644
--- a/lib/devmem_is_allowed.c
+++ b/lib/devmem_is_allowed.c
@@ -19,7 +19,7 @@ 
  */
 int devmem_is_allowed(unsigned long pfn)
 {
-	if (iomem_is_exclusive(pfn << PAGE_SHIFT))
+	if (iomem_is_exclusive(PFN_PHYS(pfn)))
 		return 0;
 	if (!page_is_ram(pfn))
 		return 1;

[v3] lib: Use PFN_PHYS() in devmem_is_allowed()

Commit Message

Comments

Patch