From: Li Zhengyu <lizhengyu3@huawei.com>
To: <palmer@dabbelt.com>, <liaochang1@huawei.com>
Cc: <alex@ghiti.fr>, <aou@eecs.berkeley.edu>, <bjorn.topel@gmail.com>,
<ebiederm@xmission.com>, <guoren@linux.alibaba.com>,
<jszhang@kernel.org>, <kexec@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, <linux-riscv@lists.infradead.org>,
<mick@ics.forth.gr>, <paul.walmsley@sifive.com>,
<penberg@kernel.org>, <sunnanyong@huawei.com>,
<wangkefeng.wang@huawei.com>
Subject: [PATCH v3 -next 2/6] RISC-V: use memcpy for kexec_file mode
Date: Fri, 8 Apr 2022 18:09:10 +0800 [thread overview]
Message-ID: <20220408100914.150110-3-lizhengyu3@huawei.com> (raw)
In-Reply-To: <20220408100914.150110-1-lizhengyu3@huawei.com>
From: Liao Chang <liaochang1@huawei.com>
The pointer to buffer loading kernel binaries is in kernel space for
kexec_fil mode, When copy_from_user copies data from pointer to a block
of memory, it checkes that the pointer is in the user space range, on
RISCV-V that is:
static inline bool __access_ok(unsigned long addr, unsigned long size)
{
return size <= TASK_SIZE && addr <= TASK_SIZE - size;
}
and TASK_SIZE is 0x4000000000 for 64-bits, which now causes
copy_from_user to reject the access of the field 'buf' of struct
kexec_segment that is in range [CONFIG_PAGE_OFFSET - VMALLOC_SIZE,
CONFIG_PAGE_OFFSET), is invalid user space pointer.
This patch fixes this issue by skipping access_ok(), use mempcy() instead.
Signed-off-by: Liao Chang <liaochang1@huawei.com>
---
arch/riscv/kernel/machine_kexec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_kexec.c
index cbef0fc73afa..df8e24559035 100644
--- a/arch/riscv/kernel/machine_kexec.c
+++ b/arch/riscv/kernel/machine_kexec.c
@@ -65,7 +65,9 @@ machine_kexec_prepare(struct kimage *image)
if (image->segment[i].memsz <= sizeof(fdt))
continue;
- if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
+ if (image->file_mode)
+ memcpy(&fdt, image->segment[i].buf, sizeof(fdt));
+ else if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
continue;
if (fdt_check_header(&fdt))
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Li Zhengyu <lizhengyu3@huawei.com>
To: <palmer@dabbelt.com>, <liaochang1@huawei.com>
Cc: <alex@ghiti.fr>, <aou@eecs.berkeley.edu>, <bjorn.topel@gmail.com>,
<ebiederm@xmission.com>, <guoren@linux.alibaba.com>,
<jszhang@kernel.org>, <kexec@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, <linux-riscv@lists.infradead.org>,
<mick@ics.forth.gr>, <paul.walmsley@sifive.com>,
<penberg@kernel.org>, <sunnanyong@huawei.com>,
<wangkefeng.wang@huawei.com>
Subject: [PATCH v3 -next 2/6] RISC-V: use memcpy for kexec_file mode
Date: Fri, 8 Apr 2022 18:09:10 +0800 [thread overview]
Message-ID: <20220408100914.150110-3-lizhengyu3@huawei.com> (raw)
In-Reply-To: <20220408100914.150110-1-lizhengyu3@huawei.com>
From: Liao Chang <liaochang1@huawei.com>
The pointer to buffer loading kernel binaries is in kernel space for
kexec_fil mode, When copy_from_user copies data from pointer to a block
of memory, it checkes that the pointer is in the user space range, on
RISCV-V that is:
static inline bool __access_ok(unsigned long addr, unsigned long size)
{
return size <= TASK_SIZE && addr <= TASK_SIZE - size;
}
and TASK_SIZE is 0x4000000000 for 64-bits, which now causes
copy_from_user to reject the access of the field 'buf' of struct
kexec_segment that is in range [CONFIG_PAGE_OFFSET - VMALLOC_SIZE,
CONFIG_PAGE_OFFSET), is invalid user space pointer.
This patch fixes this issue by skipping access_ok(), use mempcy() instead.
Signed-off-by: Liao Chang <liaochang1@huawei.com>
---
arch/riscv/kernel/machine_kexec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_kexec.c
index cbef0fc73afa..df8e24559035 100644
--- a/arch/riscv/kernel/machine_kexec.c
+++ b/arch/riscv/kernel/machine_kexec.c
@@ -65,7 +65,9 @@ machine_kexec_prepare(struct kimage *image)
if (image->segment[i].memsz <= sizeof(fdt))
continue;
- if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
+ if (image->file_mode)
+ memcpy(&fdt, image->segment[i].buf, sizeof(fdt));
+ else if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
continue;
if (fdt_check_header(&fdt))
--
2.17.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: Li Zhengyu <lizhengyu3@huawei.com>
To: kexec@lists.infradead.org
Subject: [PATCH v3 -next 2/6] RISC-V: use memcpy for kexec_file mode
Date: Fri, 8 Apr 2022 18:09:10 +0800 [thread overview]
Message-ID: <20220408100914.150110-3-lizhengyu3@huawei.com> (raw)
In-Reply-To: <20220408100914.150110-1-lizhengyu3@huawei.com>
From: Liao Chang <liaochang1@huawei.com>
The pointer to buffer loading kernel binaries is in kernel space for
kexec_fil mode, When copy_from_user copies data from pointer to a block
of memory, it checkes that the pointer is in the user space range, on
RISCV-V that is:
static inline bool __access_ok(unsigned long addr, unsigned long size)
{
return size <= TASK_SIZE && addr <= TASK_SIZE - size;
}
and TASK_SIZE is 0x4000000000 for 64-bits, which now causes
copy_from_user to reject the access of the field 'buf' of struct
kexec_segment that is in range [CONFIG_PAGE_OFFSET - VMALLOC_SIZE,
CONFIG_PAGE_OFFSET), is invalid user space pointer.
This patch fixes this issue by skipping access_ok(), use mempcy() instead.
Signed-off-by: Liao Chang <liaochang1@huawei.com>
---
arch/riscv/kernel/machine_kexec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_kexec.c
index cbef0fc73afa..df8e24559035 100644
--- a/arch/riscv/kernel/machine_kexec.c
+++ b/arch/riscv/kernel/machine_kexec.c
@@ -65,7 +65,9 @@ machine_kexec_prepare(struct kimage *image)
if (image->segment[i].memsz <= sizeof(fdt))
continue;
- if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
+ if (image->file_mode)
+ memcpy(&fdt, image->segment[i].buf, sizeof(fdt));
+ else if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
continue;
if (fdt_check_header(&fdt))
--
2.17.1
next prev parent reply other threads:[~2022-04-08 10:12 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-08 10:09 [PATCH v3 -next 0/6] riscv: kexec: add kexec_file_load() support Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` [PATCH v3 -next 1/6] kexec_file: Fix kexec_file.c build error for riscv platform Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-05-20 15:45 ` Palmer Dabbelt
2022-05-20 15:45 ` Palmer Dabbelt
2022-05-20 15:45 ` Palmer Dabbelt
2022-05-22 3:07 ` Baoquan He
2022-05-22 3:07 ` Baoquan He
2022-05-22 3:07 ` Baoquan He
2022-04-08 10:09 ` Li Zhengyu [this message]
2022-04-08 10:09 ` [PATCH v3 -next 2/6] RISC-V: use memcpy for kexec_file mode Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` [PATCH v3 -next 3/6] RISC-V: Add kexec_file support Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` [PATCH v3 -next 4/6] RISC-V: Support for kexec_file on panic Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` [PATCH v3 -next 5/6] RISC-V: Add purgatory Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` [PATCH v3 -next 6/6] RISC-V: Load purgatory in kexec_file Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-08 10:09 ` Li Zhengyu
2022-04-21 3:15 ` [PATCH v3 -next 0/6] riscv: kexec: add kexec_file_load() support lizhengyu (E)
2022-04-21 3:15 ` lizhengyu
2022-04-21 3:15 ` lizhengyu (E)
2022-05-19 8:26 ` lizhengyu (E)
2022-05-19 8:26 ` lizhengyu
2022-05-19 8:26 ` lizhengyu (E)
2022-05-20 15:45 ` Palmer Dabbelt
2022-05-20 15:45 ` Palmer Dabbelt
2022-05-20 15:45 ` Palmer Dabbelt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220408100914.150110-3-lizhengyu3@huawei.com \
--to=lizhengyu3@huawei.com \
--cc=alex@ghiti.fr \
--cc=aou@eecs.berkeley.edu \
--cc=bjorn.topel@gmail.com \
--cc=ebiederm@xmission.com \
--cc=guoren@linux.alibaba.com \
--cc=jszhang@kernel.org \
--cc=kexec@lists.infradead.org \
--cc=liaochang1@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=mick@ics.forth.gr \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=penberg@kernel.org \
--cc=sunnanyong@huawei.com \
--cc=wangkefeng.wang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.