From: Russell King - ARM Linux admin <linux@armlinux.org.uk>
To: Luis Araneda <luaraneda@gmail.com>
Cc: michal.simek@xilinx.com, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
Date: Tue, 30 Jul 2019 11:47:46 +0100 [thread overview]
Message-ID: <20190730104746.GA1330@shell.armlinux.org.uk> (raw)
In-Reply-To: <20190730044326.1805-1-luaraneda@gmail.com>
On Tue, Jul 30, 2019 at 12:43:26AM -0400, Luis Araneda wrote:
> This fixes a kernel panic (read overflow) on memcpy when
> FORTIFY_SOURCE is enabled.
>
> The computed size of memcpy args are:
> - p_size (dst): 4294967295 = (size_t) -1
> - q_size (src): 1
> - size (len): 8
>
> Additionally, the memory is marked as __iomem, so one of
> the memcpy_* functions should be used for read/write
>
> Signed-off-by: Luis Araneda <luaraneda@gmail.com>
> ---
>
> For anyone trying to reproduce / debug this, it panics
> before the console has any output.
> I used JTAG to find the panic, but I had to comment-out
> the call to "zynq_slcr_cpu_stop" as it stops the JTAG
> interface and the connection is dropped, at least with OpenOCD.
>
> I run-tested this on a Digilent Zybo Z7 board
> ---
> arch/arm/mach-zynq/platsmp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm/mach-zynq/platsmp.c b/arch/arm/mach-zynq/platsmp.c
> index a7cfe07156f4..407abade7336 100644
> --- a/arch/arm/mach-zynq/platsmp.c
> +++ b/arch/arm/mach-zynq/platsmp.c
> @@ -57,7 +57,7 @@ int zynq_cpun_start(u32 address, int cpu)
> * 0x4: Jump by mov instruction
> * 0x8: Jumping address
> */
> - memcpy((__force void *)zero, &zynq_secondary_trampoline,
> + memcpy_toio(zero, &zynq_secondary_trampoline,
> trampoline_size);
> writel(address, zero + trampoline_size);
I'm not convinced that this is correct. It looks like
zynq_secondary_trampoline could be either ARM or Thumb code - there is
no .arm directive before it. If it's ARM code, then this is fine. If
Thumb code, then zynq_secondary_trampoline will be offset by one, and
we will miss copying the first byte of code.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 12.1Mbps down 622kbps up
According to speedtest.net: 11.9Mbps down 500kbps up
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Russell King - ARM Linux admin <linux@armlinux.org.uk>
To: Luis Araneda <luaraneda@gmail.com>
Cc: michal.simek@xilinx.com, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
Date: Tue, 30 Jul 2019 11:47:46 +0100 [thread overview]
Message-ID: <20190730104746.GA1330@shell.armlinux.org.uk> (raw)
In-Reply-To: <20190730044326.1805-1-luaraneda@gmail.com>
On Tue, Jul 30, 2019 at 12:43:26AM -0400, Luis Araneda wrote:
> This fixes a kernel panic (read overflow) on memcpy when
> FORTIFY_SOURCE is enabled.
>
> The computed size of memcpy args are:
> - p_size (dst): 4294967295 = (size_t) -1
> - q_size (src): 1
> - size (len): 8
>
> Additionally, the memory is marked as __iomem, so one of
> the memcpy_* functions should be used for read/write
>
> Signed-off-by: Luis Araneda <luaraneda@gmail.com>
> ---
>
> For anyone trying to reproduce / debug this, it panics
> before the console has any output.
> I used JTAG to find the panic, but I had to comment-out
> the call to "zynq_slcr_cpu_stop" as it stops the JTAG
> interface and the connection is dropped, at least with OpenOCD.
>
> I run-tested this on a Digilent Zybo Z7 board
> ---
> arch/arm/mach-zynq/platsmp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm/mach-zynq/platsmp.c b/arch/arm/mach-zynq/platsmp.c
> index a7cfe07156f4..407abade7336 100644
> --- a/arch/arm/mach-zynq/platsmp.c
> +++ b/arch/arm/mach-zynq/platsmp.c
> @@ -57,7 +57,7 @@ int zynq_cpun_start(u32 address, int cpu)
> * 0x4: Jump by mov instruction
> * 0x8: Jumping address
> */
> - memcpy((__force void *)zero, &zynq_secondary_trampoline,
> + memcpy_toio(zero, &zynq_secondary_trampoline,
> trampoline_size);
> writel(address, zero + trampoline_size);
I'm not convinced that this is correct. It looks like
zynq_secondary_trampoline could be either ARM or Thumb code - there is
no .arm directive before it. If it's ARM code, then this is fine. If
Thumb code, then zynq_secondary_trampoline will be offset by one, and
we will miss copying the first byte of code.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 12.1Mbps down 622kbps up
According to speedtest.net: 11.9Mbps down 500kbps up
next prev parent reply other threads:[~2019-07-30 10:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-30 4:43 [RFC PATCH] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up Luis Araneda
2019-07-30 4:43 ` Luis Araneda
2019-07-30 10:47 ` Russell King - ARM Linux admin [this message]
2019-07-30 10:47 ` Russell King - ARM Linux admin
2019-07-31 4:12 ` Luis Araneda
2019-07-31 4:12 ` Luis Araneda
2019-08-05 9:53 ` Michal Simek
2019-08-05 9:53 ` Michal Simek
2019-08-06 1:52 ` Luis Araneda
2019-08-06 1:52 ` Luis Araneda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190730104746.GA1330@shell.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luaraneda@gmail.com \
--cc=michal.simek@xilinx.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.