Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1167088pxb; Fri, 21 Jan 2022 11:16:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJwmQdhGMGqBSTszOT3Ma2elwKoU0eeRMb/1qboY2nxRkk/Wo2MwDrkkK4FG5Q5SKTtwkm5D X-Received: by 2002:a17:902:c411:b0:14a:8f71:1f34 with SMTP id k17-20020a170902c41100b0014a8f711f34mr5477896plk.120.1642792598658; Fri, 21 Jan 2022 11:16:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642792598; cv=none; d=google.com; s=arc-20160816; b=n48fQSD22Sut07/6Sj6pB2Lt+t5woj3WP71xIA50dBp4TXACdyTIkYw6riemrf2Ky6 RXURE3spJSjCRO4OFRC0E4CoW2MxHS2DSn3OBgAQUsO20uBuF4n//2Bg95VNQr5FZbDc Ddaw9ki+RmDN+U+NYEBgPgxv2akXgyPzXe5dACwPUlukJCwL3tQ5Rk5ejD0gdufEpRxh o3f27w5RtVDr9gCsQUvXGCxqpQEjIwfJKfNxYxTrf/ZD5XQ2OSOp7XBAegpRxvvc0zYN 0Th7IO167MYXP/P2iJGKRaVtfL0xhOOAcGrTS2eklqGcPt4N8G5G2EDJIK5EqLqLnnDa EBnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:to:content-language:subject:user-agent:mime-version:date :message-id; bh=G4dV6bAfSAdjfNd3Dj40ln84NKos1nt/vZ+iCLSs4ls=; b=pDz4U7ULTYAB8N4SheGEWFqQMPJbJ7T+IDA1jjNjJPWy43xeuY9rZte5IDkkkzLLPH cfZcJ2M+69IUeiIbSbu6wyZYoMkD3OHWI5dpYX/BF4QVbyPnZ+KZR0qyBU8iNG3U0IO5 RdrRMkar8/w6VuTPJHBq69vlsz9fasuoRCoTt3nBX6y9PEYbNNkCLzOrxFDaMX1RngeP MC9nO3PkRkBGxHMIptTEHpFwE+Vcrd5MyGHClev3Jm1ajYQLHB5AAQJSqehI2U6uWyle vgUqCXbeUlh8srdo/nwwQ05eB0YXzWTCu9ueeL2nRCtAqRLmb9JAAX8trtbEBQgFPaLu MYqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p17si1951816pge.607.2022.01.21.11.16.26; Fri, 21 Jan 2022 11:16:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354811AbiASN2X (ORCPT + 99 others); Wed, 19 Jan 2022 08:28:23 -0500 Received: from foss.arm.com ([217.140.110.172]:56514 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350345AbiASN2V (ORCPT ); Wed, 19 Jan 2022 08:28:21 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 00E38ED1; Wed, 19 Jan 2022 05:28:21 -0800 (PST) Received: from [10.57.67.190] (unknown [10.57.67.190]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1F94E3F73D; Wed, 19 Jan 2022 05:28:18 -0800 (PST) Message-ID: Date: Wed, 19 Jan 2022 13:28:14 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [PATCH] vmap(): don't allow invalid pages Content-Language: en-GB To: Yury Norov , Catalin Marinas , Will Deacon , Andrew Morton , Nicholas Piggin , Ding Tianhong , Anshuman Khandual , Matthew Wilcox , Alexey Klimov , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org References: <20220118235244.540103-1-yury.norov@gmail.com> From: Robin Murphy In-Reply-To: <20220118235244.540103-1-yury.norov@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022-01-18 23:52, Yury Norov wrote: > vmap() takes struct page *pages as one of arguments, and user may provide > an invalid pointer which would lead to DABT at address translation later. > > Currently, kernel checks the pages against NULL. In my case, however, the > address was not NULL, and was big enough so that the hardware generated > Address Size Abort on arm64. > > Interestingly, this abort happens even if copy_from_kernel_nofault() is > used, which is quite inconvenient for debugging purposes. > > This patch adds a pfn_valid() check into vmap() path, so that invalid > mapping will not be created. > > RFC: https://lkml.org/lkml/2022/1/18/815 > v1: use pfn_valid() instead of adding an arch-specific > arch_vmap_page_valid(). Thanks to Matthew Wilcox for the hint. > > Signed-off-by: Yury Norov > --- > mm/vmalloc.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index d2a00ad4e1dd..a4134ee56b10 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -477,6 +477,8 @@ static int vmap_pages_pte_range(pmd_t *pmd, unsigned long addr, > return -EBUSY; > if (WARN_ON(!page)) > return -ENOMEM; > + if (WARN_ON(!pfn_valid(page_to_pfn(page)))) Is it page_to_pfn() guaranteed to work without blowing up if page is invalid in the first place? Looking at the CONFIG_SPARSEMEM case I'm not sure that's true... Robin. > + return -EINVAL; > set_pte_at(&init_mm, addr, pte, mk_pte(page, prot)); > (*nr)++; > } while (pte++, addr += PAGE_SIZE, addr != end);