* [PATCH 1/2] ARM: mm: fix set_memory_*() bounds checks
@ 2016-11-21 16:08 Russell King
2016-11-29 15:25 ` Dave Gerlach
0 siblings, 1 reply; 4+ messages in thread
From: Russell King @ 2016-11-21 16:08 UTC (permalink / raw)
To: linux-arm-kernel
The set_memory_*() bounds checks are buggy on several fronts:
1. They fail to round the region size up if the passed address is not
page aligned.
2. The region check was incomplete, and didn't correspond with what
was being asked of apply_to_page_range()
So, rework change_memory_common() to fix these problems, adding an
"in_region()" helper to determine whether the start & size fit within
the provided region start and stop addresses.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
---
arch/arm/mm/pageattr.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/arch/arm/mm/pageattr.c b/arch/arm/mm/pageattr.c
index d19b1ad29b07..db09f2e7efda 100644
--- a/arch/arm/mm/pageattr.c
+++ b/arch/arm/mm/pageattr.c
@@ -34,28 +34,28 @@ static int change_page_range(pte_t *ptep, pgtable_t token, unsigned long addr,
return 0;
}
+static bool in_range(unsigned long start, unsigned long size,
+ unsigned long range_start, unsigned long range_end)
+{
+ return start >= range_start && start < range_end &&
+ size <= range_end - start;
+}
+
static int change_memory_common(unsigned long addr, int numpages,
pgprot_t set_mask, pgprot_t clear_mask)
{
- unsigned long start = addr;
- unsigned long size = PAGE_SIZE*numpages;
- unsigned long end = start + size;
+ unsigned long start = addr & PAGE_SIZE;
+ unsigned long end = PAGE_ALIGN(addr) + numpages * PAGE_SIZE;
+ unsigned long size = end - start;
int ret;
struct page_change_data data;
- if (!IS_ALIGNED(addr, PAGE_SIZE)) {
- start &= PAGE_MASK;
- end = start + size;
- WARN_ON_ONCE(1);
- }
+ WARN_ON_ONCE(start != addr);
- if (!numpages)
+ if (!size)
return 0;
- if (start < MODULES_VADDR || start >= MODULES_END)
- return -EINVAL;
-
- if (end < MODULES_VADDR || start >= MODULES_END)
+ if (!in_range(start, size, MODULES_VADDR, MODULES_END))
return -EINVAL;
data.set_mask = set_mask;
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread* [PATCH 1/2] ARM: mm: fix set_memory_*() bounds checks
2016-11-21 16:08 [PATCH 1/2] ARM: mm: fix set_memory_*() bounds checks Russell King
@ 2016-11-29 15:25 ` Dave Gerlach
2016-11-29 17:59 ` Russell King - ARM Linux
0 siblings, 1 reply; 4+ messages in thread
From: Dave Gerlach @ 2016-11-29 15:25 UTC (permalink / raw)
To: linux-arm-kernel
Hi,
On 11/21/2016 10:08 AM, Russell King wrote:
> The set_memory_*() bounds checks are buggy on several fronts:
>
> 1. They fail to round the region size up if the passed address is not
> page aligned.
> 2. The region check was incomplete, and didn't correspond with what
> was being asked of apply_to_page_range()
>
> So, rework change_memory_common() to fix these problems, adding an
> "in_region()" helper to determine whether the start & size fit within
> the provided region start and stop addresses.
>
> Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
> ---
> arch/arm/mm/pageattr.c | 26 +++++++++++++-------------
> 1 file changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/arch/arm/mm/pageattr.c b/arch/arm/mm/pageattr.c
> index d19b1ad29b07..db09f2e7efda 100644
> --- a/arch/arm/mm/pageattr.c
> +++ b/arch/arm/mm/pageattr.c
> @@ -34,28 +34,28 @@ static int change_page_range(pte_t *ptep, pgtable_t token, unsigned long addr,
> return 0;
> }
>
> +static bool in_range(unsigned long start, unsigned long size,
> + unsigned long range_start, unsigned long range_end)
> +{
> + return start >= range_start && start < range_end &&
> + size <= range_end - start;
> +}
> +
> static int change_memory_common(unsigned long addr, int numpages,
> pgprot_t set_mask, pgprot_t clear_mask)
> {
> - unsigned long start = addr;
> - unsigned long size = PAGE_SIZE*numpages;
> - unsigned long end = start + size;
> + unsigned long start = addr & PAGE_SIZE;
This doesn't work as is, I believe 'start' should be set to
PAGE_ALIGN(addr), addr & PAGE_SIZE as it is doesn't make sense. If I
make this change this code works ok.
Regards,
Dave
> + unsigned long end = PAGE_ALIGN(addr) + numpages * PAGE_SIZE;
> + unsigned long size = end - start;
> int ret;
> struct page_change_data data;
>
> - if (!IS_ALIGNED(addr, PAGE_SIZE)) {
> - start &= PAGE_MASK;
> - end = start + size;
> - WARN_ON_ONCE(1);
> - }
> + WARN_ON_ONCE(start != addr);
>
> - if (!numpages)
> + if (!size)
> return 0;
>
> - if (start < MODULES_VADDR || start >= MODULES_END)
> - return -EINVAL;
> -
> - if (end < MODULES_VADDR || start >= MODULES_END)
> + if (!in_range(start, size, MODULES_VADDR, MODULES_END))
> return -EINVAL;
>
> data.set_mask = set_mask;
>
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH 1/2] ARM: mm: fix set_memory_*() bounds checks
2016-11-29 15:25 ` Dave Gerlach
@ 2016-11-29 17:59 ` Russell King - ARM Linux
2017-01-06 16:29 ` Dave Gerlach
0 siblings, 1 reply; 4+ messages in thread
From: Russell King - ARM Linux @ 2016-11-29 17:59 UTC (permalink / raw)
To: linux-arm-kernel
On Tue, Nov 29, 2016 at 09:25:19AM -0600, Dave Gerlach wrote:
> Hi,
> On 11/21/2016 10:08 AM, Russell King wrote:
> >+static bool in_range(unsigned long start, unsigned long size,
> >+ unsigned long range_start, unsigned long range_end)
> >+{
> >+ return start >= range_start && start < range_end &&
> >+ size <= range_end - start;
> >+}
> >+
> > static int change_memory_common(unsigned long addr, int numpages,
> > pgprot_t set_mask, pgprot_t clear_mask)
> > {
> >- unsigned long start = addr;
> >- unsigned long size = PAGE_SIZE*numpages;
> >- unsigned long end = start + size;
> >+ unsigned long start = addr & PAGE_SIZE;
>
> This doesn't work as is, I believe 'start' should be set to
> PAGE_ALIGN(addr), addr & PAGE_SIZE as it is doesn't make sense. If I make
> this change this code works ok.
You're right, but we want to round 'addr' _down_, not up as PAGE_ALIGN()
will do. So that should've been PAGE_MASK.
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH 1/2] ARM: mm: fix set_memory_*() bounds checks
2016-11-29 17:59 ` Russell King - ARM Linux
@ 2017-01-06 16:29 ` Dave Gerlach
0 siblings, 0 replies; 4+ messages in thread
From: Dave Gerlach @ 2017-01-06 16:29 UTC (permalink / raw)
To: linux-arm-kernel
Russell,
On 11/29/2016 11:59 AM, Russell King - ARM Linux wrote:
> On Tue, Nov 29, 2016 at 09:25:19AM -0600, Dave Gerlach wrote:
>> Hi,
>> On 11/21/2016 10:08 AM, Russell King wrote:
>>> +static bool in_range(unsigned long start, unsigned long size,
>>> + unsigned long range_start, unsigned long range_end)
>>> +{
>>> + return start >= range_start && start < range_end &&
>>> + size <= range_end - start;
>>> +}
>>> +
>>> static int change_memory_common(unsigned long addr, int numpages,
>>> pgprot_t set_mask, pgprot_t clear_mask)
>>> {
>>> - unsigned long start = addr;
>>> - unsigned long size = PAGE_SIZE*numpages;
>>> - unsigned long end = start + size;
>>> + unsigned long start = addr & PAGE_SIZE;
>>
>> This doesn't work as is, I believe 'start' should be set to
>> PAGE_ALIGN(addr), addr & PAGE_SIZE as it is doesn't make sense. If I make
>> this change this code works ok.
>
> You're right, but we want to round 'addr' _down_, not up as PAGE_ALIGN()
> will do. So that should've been PAGE_MASK.
>
Do you plan to send an updated version of this patch? I'd be happy to
update it and resend.
Regards,
Dave
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-01-06 16:29 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-21 16:08 [PATCH 1/2] ARM: mm: fix set_memory_*() bounds checks Russell King
2016-11-29 15:25 ` Dave Gerlach
2016-11-29 17:59 ` Russell King - ARM Linux
2017-01-06 16:29 ` Dave Gerlach
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox