From patchwork Mon Aug 1 11:29:31 2016
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 73102
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, zijun_hu@htc.com, catalin.marinas@arm.com, will.deacon@arm.com
Cc: Ard Biesheuvel
Subject: [PATCH] arm64: mm: avoid fdt_check_header() before the FDT is fully mapped
Date: Mon, 1 Aug 2016 13:29:31 +0200
Message-Id: <1470050971-30103-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4

As reported by Zijun, the fdt_check_header() call in
__fixmap_remap_fdt() is not safe since it is not guaranteed that the
FDT header is mapped completely. Due to the minimum alignment of 8
bytes, the only fields we can assume to be mapped are 'magic' and
'totalsize'.

Since the OF layer is in charge of validating the FDT image, and we are
only interested in making reasonably sure that the size field contains
a meaningful value, replace the fdt_check_header() call with an explicit
comparison of the magic field's value against the expected value.

Reported-by: Zijun Hu
Acked-by: Mark Rutland
Signed-off-by: Ard Biesheuvel
---
 arch/arm64/mm/mmu.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 0f85a46c3e18..3e90a2cad995 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -748,9 +748,9 @@ void *__init __fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot) /* * Check whether the physical FDT address is set and meets the minimum * alignment requirement. Since we are relying on MIN_FDT_ALIGN to be - * at least 8 bytes so that we can always access the size field of the - * FDT header after mapping the first chunk, double check here if that - * is indeed the case. + * at least 8 bytes so that we can always access the magic and size + * fields of the FDT header after mapping the first chunk, double check + * here if that is indeed the case. */ BUILD_BUG_ON(MIN_FDT_ALIGN < 8); if (!dt_phys || dt_phys % MIN_FDT_ALIGN) @@ -778,7 +778,7 @@ void *__init __fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot) create_mapping_noalloc(round_down(dt_phys, SWAPPER_BLOCK_SIZE), dt_virt_base, SWAPPER_BLOCK_SIZE, prot); - if (fdt_check_header(dt_virt) != 0) + if (fdt_magic(dt_virt) != FDT_MAGIC) return NULL; *size = fdt_totalsize(dt_virt);
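
Review bot: In the first hunk (@@ -748,9 +748,9 @@), the updated comment says the magic and size fields are always accessible but not why 8 bytes is the right bound. Both are 32-bit fields at the very start of the FDT header (offsets 0 and 4), so BUILD_BUG_ON(MIN_FDT_ALIGN < 8) covers exactly those two. Stating that in the comment would make it clear that no header field beyond totalsize may be read at this point.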
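
Review bot: In the second hunk (@@ -778,7 +778,7 @@), once the check becomes fdt_magic(dt_virt) != FDT_MAGIC, the following *size = fdt_totalsize(dt_virt) takes its value from a header that has been checked for its magic only. A short comment at that line noting that full validation is left to the OF layer, and that the size is only plausibility-checked here, would keep a later reader from assuming the header has been verified. If the code following this hunk does not already bound *size before it is used, it should.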