Re: [PATCH] pstore: fix incorrect persistent ram buffer mapping
From: Kees Cook
Date: Wed Sep 12 2018 - 13:45:01 EST
On Tue, Sep 11, 2018 at 8:36 PM, Bin Yang <bin.yang@xxxxxxxxx> wrote:
> persistent_ram_vmap() returns the page start vaddr.
> persistent_ram_iomap() supports non-page-aligned mapping.
Oh, yes, good catch. This should probably be explicitly mentioned in
comments for these functions.
> persistent_ram_buffer_map() always adds offset-in-page to the vaddr
> returned from these two functions, which causes incorrect mapping of
> non-page-aligned persistent ram buffer.
How did you find this problem, and/or how was the problem manifesting?
> Signed-off-by: Bin Yang <bin.yang@xxxxxxxxx>
> ---
> fs/pstore/ram_core.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
> index 951a14e..7c05fdd 100644
> --- a/fs/pstore/ram_core.c
> +++ b/fs/pstore/ram_core.c
> @@ -429,7 +429,7 @@ static void *persistent_ram_vmap(phys_addr_t start, size_t size,
> vaddr = vmap(pages, page_count, VM_MAP, prot);
> kfree(pages);
>
> - return vaddr;
> + return vaddr + offset_in_page(start);
> }
>
> static void *persistent_ram_iomap(phys_addr_t start, size_t size,
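Review bot: the new `return vaddr + offset_in_page(start);` at the end of persistent_ram_vmap() adds the offset without first checking the result of vmap(). None of the lines shown test vaddr, so if vmap() fails and start is not page-aligned, the function would return a small non-NULL pointer instead of NULL, and a caller testing for NULL would not see the failure. Suggest returning NULL early when vaddr is NULL. A comment should also say that vmap() works at page granularity, so the in-page offset is added here to give the address of start itself, as the reply above asks.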
> @@ -468,7 +468,7 @@ static int persistent_ram_buffer_map(phys_addr_t start, phys_addr_t size,
> return -ENOMEM;
> }
>
> - prz->buffer = prz->vaddr + offset_in_page(start);
> + prz->buffer = prz->vaddr;
> prz->buffer_size = size - sizeof(struct persistent_ram_buffer);
>
> return 0;
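Review bot: `prz->buffer = prz->vaddr;` silently changes what prz->vaddr means. On the vmap path it is no longer the page-aligned address that vmap() returned but the address of start. A short comment here or on the vaddr field should state that both mapping helpers now return the byte-granular address of start. Any other user of prz->vaddr outside these hunks should be checked for an assumption of page alignment.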
> @@ -515,7 +515,7 @@ void persistent_ram_free(struct persistent_ram_zone *prz)
>
> if (prz->vaddr) {
> if (pfn_valid(prz->paddr >> PAGE_SHIFT)) {
> - vunmap(prz->vaddr);
> + vunmap(prz->vaddr - offset_in_page(prz->paddr));
> } else {
> iounmap(prz->vaddr);
> release_mem_region(prz->paddr, prz->size);
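Review bot: in persistent_ram_free() only the vunmap() branch undoes the offset, while `iounmap(prz->vaddr);` still receives the unadjusted value. That matches the description that persistent_ram_iomap() supports non-page-aligned mapping, but the asymmetry deserves a comment so it is not "fixed" later. The subtraction also assumes prz->paddr holds the same start that was passed to persistent_ram_vmap(), and that the pfn_valid() test here selects the same branch as at map time. Neither is visible in the patch, so both are worth confirming.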
> --
> 2.7.4
>
Regardless, yes, this patch looks correct. Thanks! I'll add it to my tree.
-Kees
--
Kees Cook
Pixel Security