Date: Wed, 18 May 2022 13:30:49 -0700
From: Lakshmi Ramasubramanian
To: Vaibhav Jain, linuxppc-dev@lists.ozlabs.org, devicetree@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Frank Rowand, Prakhar Srivastava, Rob Herring, Mimi Zohar, nramas@linux.microsoft.com
Subject: Re: [PATCH] powerpc: check previous kernel's ima-kexec-buffer against memory bounds

Hi Vaibhav,

On 5/18/2022 1:05 PM, Vaibhav Jain wrote:
> Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
> ima-kexec-buffer lies outside the addressable memory range. This can result
> in a kernel panic if the new kernel is booted with 'mem=X' arg and the
> ima-kexec-buffer was allocated beyond that range by the previous kernel.

Thanks for providing this patch.

> Fix this issue by checking returned address/size of previous kernel's
> ima-kexec-buffer against memblock's memory bounds.
>
> Fixes: fee3ff99bc67("powerpc: Move arch independent ima kexec functions to
> drivers/of/kexec.c")
>
> Cc: Frank Rowand
> Cc: Prakhar Srivastava
> Cc: Lakshmi Ramasubramanian
> Cc: Thiago Jung Bauermann
> Cc: Rob Herring
> Signed-off-by: Vaibhav Jain
> ---
> drivers/of/kexec.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
> index b9bd1cff1793..c73007eda52d 100644
> --- a/drivers/of/kexec.c
> +++ b/drivers/of/kexec.c
> @@ -140,6 +140,13 @@ int ima_get_kexec_buffer(void **addr, size_t *size) > if (ret) > return ret; > > + /* if the ima-kexec-buffer goes beyond the addressable memory */ > + if (!memblock_is_region_memory(tmp_addr, tmp_size)) { > + pr_warn("IMA buffer at 0x%lx, size = 0x%zx beyond memory\n", > + tmp_addr, tmp_size); > + return -EINVAL; > + } > + Reviewed-by: Lakshmi Ramasubramanian > *addr = __va(tmp_addr); > *size = tmp_size; >
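
Review bot: the pr_warn() text in the new memblock_is_region_memory() branch says the buffer is "beyond memory", but the condition is true for any address/size pair that memblock does not report as memory, which also covers a buffer that starts below the 'mem=X' limit and only runs past it. Wording such as "IMA buffer at 0x%lx, size = 0x%zx not within memory" would match what is tested and make the log line easier to act on when triaging a failed measurement-list handover. The %lx specifier also depends on the declared type of tmp_addr, which sits outside this hunk; if it is a phys_addr_t rather than unsigned long, %pa with &tmp_addr is the portable form. Separately, the subject carries a "powerpc:" prefix while the only file touched is drivers/of/kexec.c, so the prefix should name that subsystem.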