Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3580335pxb; Mon, 25 Jan 2021 22:13:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJzLmX3UC6OrGegkH4YmRPBzA3RTTdzq98cjhcUQEUPBrE5OgbivXeibIDEssycPhUSx/edh X-Received: by 2002:a17:906:490d:: with SMTP id b13mr2464393ejq.307.1611641590791; Mon, 25 Jan 2021 22:13:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611641590; cv=none; d=google.com; s=arc-20160816; b=HB1+QtjHq5ZxnlHyEtka43SAFslhCCofBvMoTELVIBRagWHGEeThFPb3eTdjYdxTaQ m9UNbIMRBh2jUbz8WkvOghN9uXXnSvYSfRwVyWmqD7Kj1VPXr2VC62qYjZ112/5Q3Epm kCaJYxPyw4y3SOHPwyuu7ijZHS9G9ImA9O5Yr18wbuiKQMtWD3f12XTY0McfOt4RwHVh 8LD2trEMlla32FOtsLm9l7solQdPecDewuh8SXGy6aiia9jrx1QeKUSA4ohQT2MCJ4eU e4oC+wu4G8V6v0vlQrQwDx4cZRZlzFlnZ0wNDZk040PcqIWaJ76Vw/tu2WkG9SF4B3uv 9p9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=5RpuWorZpeUrFktYMPbx1BE1XJ2XBefofvkizCyggQo=; b=PlA4ea8+CpVeYzGiJcggaWvooSBvV4rvl0amDEeVvq83lyT1o2ZTn6uf26IKUA8ZGE 4wXiVDjGiAkXRBIvS/w0Ykaoi+TWSCOHe4XOfL3iewzEFCE7ufXkMB53sy7MUGIMCqC9 SeKglkzOV885GUxzZd0ESiUNYX8r2XTVKZVhYdBb+Ca0HejdnIm9hnkCxPWgDBb8s0LN YJQkZF++UocguF3Uh8rDc9qAwjhi6kV2rCA8aZ8H7kMLBPAC5MT+q18visomcLo6Por1 iZZj+OB177++iQXyKLnrX60UWADhz7EKmKy06dXYH0UB1X/HuV04ks/rPM7nUMMUJ39W exNg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lt6si6627535ejb.133.2021.01.25.22.12.47; Mon, 25 Jan 2021 22:13:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728823AbhAZGKG (ORCPT + 99 others); Tue, 26 Jan 2021 01:10:06 -0500 Received: from foss.arm.com ([217.140.110.172]:47072 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728486AbhAYNDj (ORCPT ); Mon, 25 Jan 2021 08:03:39 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9A65411FB; Mon, 25 Jan 2021 05:02:18 -0800 (PST) Received: from C02TD0UTHF1T.local (unknown [10.57.45.22]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1EA8B3F66E; Mon, 25 Jan 2021 05:02:15 -0800 (PST) Date: Mon, 25 Jan 2021 13:02:04 +0000 From: Mark Rutland To: Vincenzo Frascino Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Leon Romanovsky , Andrey Konovalov , Catalin Marinas , Will Deacon , "Paul E . McKenney" , Naresh Kamboju Subject: Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() Message-ID: <20210125130204.GA4565@C02TD0UTHF1T.local> References: <20210122155642.23187-1-vincenzo.frascino@arm.com> <20210122155642.23187-2-vincenzo.frascino@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210122155642.23187-2-vincenzo.frascino@arm.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Vincenzo, On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: > Currently, the __is_lm_address() check just masks out the top 12 bits > of the address, but if they are 0, it still yields a true result. > This has as a side effect that virt_addr_valid() returns true even for > invalid virtual addresses (e.g. 0x0). > > Improve the detection checking that it's actually a kernel address > starting at PAGE_OFFSET. > > Cc: Catalin Marinas > Cc: Will Deacon > Suggested-by: Catalin Marinas > Reviewed-by: Catalin Marinas > Signed-off-by: Vincenzo Frascino Looking around, it seems that there are some existing uses of virt_addr_valid() that expect it to reject addresses outside of the TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. Given that, I think we need something that's easy to backport to stable. This patch itself looks fine, but it's not going to backport very far, so I suspect we might need to write a preparatory patch that adds an explicit range check to virt_addr_valid() which can be trivially backported. For this patch: Acked-by: Mark Rutland Thanks, Mark. > --- > arch/arm64/include/asm/memory.h | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h > index 18fce223b67b..99d7e1494aaa 100644 > --- a/arch/arm64/include/asm/memory.h > +++ b/arch/arm64/include/asm/memory.h > @@ -247,9 +247,11 @@ static inline const void *__tag_set(const void *addr, u8 tag) > > > /* > - * The linear kernel range starts at the bottom of the virtual address space. > + * Check whether an arbitrary address is within the linear map, which > + * lives in the [PAGE_OFFSET, PAGE_END) interval at the bottom of the > + * kernel's TTBR1 address range. > */ > -#define __is_lm_address(addr) (((u64)(addr) & ~PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) > +#define __is_lm_address(addr) (((u64)(addr) ^ PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) > > #define __lm_to_phys(addr) (((addr) & ~PAGE_OFFSET) + PHYS_OFFSET) > #define __kimg_to_phys(addr) ((addr) - kimage_voffset) > -- > 2.30.0 >