The physical address may exceed 32 bits on ARM(when ARM_LPAE enabled), use PFN_PHYS() in devmem_is_allowed(), or the physical address may overflow and be truncated.
This bug was initially introduced from v2.6.37, and the function was moved to lib when v5.11.
Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem") Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()") Cc: stable@vger.kernel.org # v2.6.37 Signed-off-by: Liang Wang wangliang101@huawei.com --- v2: update subject and changelog lib/devmem_is_allowed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/devmem_is_allowed.c b/lib/devmem_is_allowed.c index c0d67c541849..60be9e24bd57 100644 --- a/lib/devmem_is_allowed.c +++ b/lib/devmem_is_allowed.c @@ -19,7 +19,7 @@ */ int devmem_is_allowed(unsigned long pfn) { - if (iomem_is_exclusive(pfn << PAGE_SHIFT)) + if (iomem_is_exclusive(PFN_PHYS(pfn))) return 0; if (!page_is_ram(pfn)) return 1;
On Fri, Jul 30, 2021 at 03:43:15PM +0800, Liang Wang wrote:
The physical address may exceed 32 bits on ARM(when ARM_LPAE enabled), use PFN_PHYS() in devmem_is_allowed(),
First off, good catch!
This should not be ARM specific, this should just say:
on 32-bit systems with more than 32 bits of physcial address
Also, towards then end then explain that in practice, yes, this is probably just ARM which is affected. By explaining this, it ensures folks are aware of the affected systems.
May be good to refer to commit 947d0496cf3e1 ("generic: make PFN_PHYS explicitly return phys_addr_t") which added the original PFN_PHYS() casting to phys_addr_t to resolve the same problem.
or the physical address may overflow and be truncated.
Indeed. How did you find this issue? Can you describe that in the commit log? Was it a real world issue or did you do just code inspection? Or was there a bot which helped you?
This bug was initially introduced from v2.6.37, and the function was moved to lib when v5.11.
Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem") Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()") Cc: stable@vger.kernel.org # v2.6.37 Signed-off-by: Liang Wang wangliang101@huawei.com
Other than that:
Reviewed-by: Luis Chamberlain mcgrof@kernel.org
Luis
I'm glad to get the reply. I found this problem not only with the arm, but also with the x86. Is it good to fixed both in only one patch? I found this problem in actual work. When CONFIG_STRICT_DEVMEM is enabled on the ARM and devmem is used to map a high address that is not in the iomem address range, an unexpected error indicating no permission is returned. Then i find the bug.
-----邮件原件----- 发件人: Luis Chamberlain [mailto:mcgrof@infradead.org] 代表 Luis Chamberlain 发送时间: 2021年7月31日 3:37 收件人: wangliang (C) wangliang101@huawei.com 抄送: palmerdabbelt@google.com; linux-kernel@vger.kernel.org; gregkh@linuxfoundation.org; linux@armlinux.org.uk; linux-arm-kernel@lists.infradead.org; stable@vger.kernel.org; Wangle (RTOS FAE) wangle6@huawei.com; Chenxin (RTOS) kepler.chenxin@huawei.com; Nixiaoming nixiaoming@huawei.com; Wangkefeng (OS Kernel Lab) wangkefeng.wang@huawei.com 主题: Re: [PATCH v2] lib: Use PFN_PHYS() in devmem_is_allowed()
On Fri, Jul 30, 2021 at 03:43:15PM +0800, Liang Wang wrote:
The physical address may exceed 32 bits on ARM(when ARM_LPAE enabled), use PFN_PHYS() in devmem_is_allowed(),
First off, good catch!
This should not be ARM specific, this should just say:
on 32-bit systems with more than 32 bits of physcial address
Also, towards then end then explain that in practice, yes, this is probably just ARM which is affected. By explaining this, it ensures folks are aware of the affected systems.
May be good to refer to commit 947d0496cf3e1 ("generic: make PFN_PHYS explicitly return phys_addr_t") which added the original PFN_PHYS() casting to phys_addr_t to resolve the same problem.
or the physical address may overflow and be truncated.
Indeed. How did you find this issue? Can you describe that in the commit log? Was it a real world issue or did you do just code inspection? Or was there a bot which helped you?
This bug was initially introduced from v2.6.37, and the function was moved to lib when v5.11.
Fixes: 087aaffcdf9c ("ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem") Fixes: 527701eda5f1 ("lib: Add a generic version of devmem_is_allowed()") Cc: stable@vger.kernel.org # v2.6.37 Signed-off-by: Liang Wang wangliang101@huawei.com
Other than that:
Reviewed-by: Luis Chamberlain mcgrof@kernel.org
Luis
linux-stable-mirror@lists.linaro.org
-
Liang Wang -
Luis Chamberlain -
wangliang (C)