From: Lukas Wunner <lukas@wunner.de>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Zorro Lang <zlang@redhat.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Joey Gouly <joey.gouly@arm.com>,
linux-arm-kernel@lists.infradead.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH for-next/fixes] arm64/mm: Fix false-positive !virt_addr_valid() for kernel image
Date: Mon, 25 Nov 2024 10:54:49 +0100 [thread overview]
Message-ID: <Z0RJaU4wjU5WeQb4@wunner.de> (raw)
In-Reply-To: <CAMj1kXER7AbNyUDjtij6Ni0jVRMg11xvyhkCMKAxaKbx=dsgcQ@mail.gmail.com>
On Sun, Nov 24, 2024 at 06:13:26PM +0100, Ard Biesheuvel wrote:
> > On Sun, 24 Nov 2024 at 17:16, Lukas Wunner <lukas@wunner.de> wrote:
> > > Zorro reports a false-positive BUG_ON() when running crypto selftests on
> > > boot: Since commit 1e562deacecc ("crypto: rsassa-pkcs1 - Migrate to
> > > sig_alg backend"), test_sig_one() invokes an RSA verify operation with a
> > > test vector in the kernel's .rodata section. The test vector is passed
> > > to sg_set_buf(), which performs a virt_addr_valid() check.
> > >
> > > On arm64, virt_addr_valid() returns false for kernel image addresses
> > > such as this one, even though they're valid virtual addresses.
> > > x86 returns true for kernel image addresses, so the BUG_ON() does not
> > > occur there. In fact, x86 has been doing so for 16 years, i.e. since
> > > commit af5c2bd16ac2 ("x86: fix virt_addr_valid() with
> > > CONFIG_DEBUG_VIRTUAL=y, v2").
> > >
> > > Do the same on arm64 to avoid the false-positive BUG_ON() and to achieve
> > > consistent virt_addr_valid() behavior across arches.
[...]
> that doesn't mean doing DMA from the kernel image is a great
> idea. Allocations in the linear map are rounded up to cacheline size
> to ensure that they are safe for non-coherent DMA, but this does not
> apply to the kernel image. .rodata should still be safe in this
> regard, but the general idea of allowing kernel image addresses in
> places where DMA'able virtual addresses are expected is something we
> should consider with care.
Other arches do not seem to be concerned about this and
let virt_addr_valid() return true for the kernel image.
It's not clear why arm64 is special and needs to return false.
However, I agree there's hardly ever a reason to DMA from/to the
.text section. From a security perspective, constraining this to
.rodata seems reasonable to me and I'll be happy to amend the patch
to that effect if that's the consensus.
I'll wait for guidance from arm64 maintainers what the preferred
approach is.
Thanks,
Lukas
next prev parent reply other threads:[~2024-11-25 9:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-24 16:15 [PATCH for-next/fixes] arm64/mm: Fix false-positive !virt_addr_valid() for kernel image Lukas Wunner
2024-11-24 16:38 ` Ard Biesheuvel
2024-11-24 17:13 ` Ard Biesheuvel
2024-11-25 9:54 ` Lukas Wunner [this message]
2024-11-25 10:50 ` Mark Rutland
2024-11-25 14:49 ` Lukas Wunner
2024-11-25 15:18 ` Mark Rutland
2024-11-29 8:00 ` Lukas Wunner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z0RJaU4wjU5WeQb4@wunner.de \
--to=lukas@wunner.de \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=herbert@gondor.apana.org.au \
--cc=joey.gouly@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=vegard.nossum@oracle.com \
--cc=will@kernel.org \
--cc=zlang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox