From: Nathan Lynch <nathanl@linux.ibm.com> To: Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>, Christophe Leroy <christophe.leroy@csgroup.eu> Cc: linuxppc-dev@lists.ozlabs.org, Tyrel Datwyler <tyreld@linux.ibm.com>, Scott Cheloha <cheloha@linux.ibm.com>, Andrew Donnellan <ajd@linux.ibm.com>, Nick Child <nnac123@linux.ibm.com>, Laurent Dufour <ldufour@linux.ibm.com>, Nathan Lynch <nathanl@linux.ibm.com> Subject: [PATCH 2/8] powerpc/rtas: use memmove for potentially overlapping buffer copy Date: Mon, 06 Mar 2023 15:33:41 -0600 [thread overview] Message-ID: <20230220-rtas-queue-for-6-4-v1-2-010e4416f13f@linux.ibm.com> (raw) In-Reply-To: <20230220-rtas-queue-for-6-4-v1-0-010e4416f13f@linux.ibm.com> Using memcpy() isn't safe when buf is identical to rtas_err_buf, which can happen during boot before slab is up. Full context which may not be obvious from the diff: if (altbuf) { buf = altbuf; } else { buf = rtas_err_buf; if (slab_is_available()) buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); } if (buf) memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); This was found by inspection and I'm not aware of it causing problems in practice. It appears to have been introduced by commit 033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel"); the old ppc64 version of this code did not have this problem. Use memmove() instead. Fixes: 033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel") Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com> --- arch/powerpc/kernel/rtas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index 31175b34856a..9256cfaa8b6f 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -981,7 +981,7 @@ static char *__fetch_rtas_last_error(char *altbuf) buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); } if (buf) - memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); + memmove(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); } return buf; -- 2.39.1
WARNING: multiple messages have this Message-ID (diff)
From: Nathan Lynch via B4 Relay <devnull+nathanl.linux.ibm.com@kernel.org> To: Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>, Christophe Leroy <christophe.leroy@csgroup.eu> Cc: Nathan Lynch <nathanl@linux.ibm.com>, Tyrel Datwyler <tyreld@linux.ibm.com>, Nick Child <nnac123@linux.ibm.com>, Andrew Donnellan <ajd@linux.ibm.com>, Scott Cheloha <cheloha@linux.ibm.com>, Laurent Dufour <ldufour@linux.ibm.com>, linuxppc-dev@lists.ozlabs.org Subject: [PATCH 2/8] powerpc/rtas: use memmove for potentially overlapping buffer copy Date: Mon, 06 Mar 2023 15:33:41 -0600 [thread overview] Message-ID: <20230220-rtas-queue-for-6-4-v1-2-010e4416f13f@linux.ibm.com> (raw) In-Reply-To: <20230220-rtas-queue-for-6-4-v1-0-010e4416f13f@linux.ibm.com> From: Nathan Lynch <nathanl@linux.ibm.com> Using memcpy() isn't safe when buf is identical to rtas_err_buf, which can happen during boot before slab is up. Full context which may not be obvious from the diff: if (altbuf) { buf = altbuf; } else { buf = rtas_err_buf; if (slab_is_available()) buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); } if (buf) memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); This was found by inspection and I'm not aware of it causing problems in practice. It appears to have been introduced by commit 033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel"); the old ppc64 version of this code did not have this problem. Use memmove() instead. Fixes: 033ef338b6e0 ("powerpc: Merge rtas.c into arch/powerpc/kernel") Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com> --- arch/powerpc/kernel/rtas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index 31175b34856a..9256cfaa8b6f 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -981,7 +981,7 @@ static char *__fetch_rtas_last_error(char *altbuf) buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); } if (buf) - memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); + memmove(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); } return buf; -- 2.39.1
next prev parent reply other threads:[~2023-03-06 21:33 UTC|newest] Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-03-06 21:33 [PATCH 0/8] RTAS changes for 6.4 Nathan Lynch via B4 Relay 2023-03-06 21:33 ` Nathan Lynch 2023-03-06 21:33 ` [PATCH 1/8] powerpc/rtas: ensure 8-byte alignment for struct rtas_args Nathan Lynch 2023-03-06 21:33 ` Nathan Lynch via B4 Relay 2023-03-23 4:00 ` Andrew Donnellan 2023-03-06 21:33 ` Nathan Lynch [this message] 2023-03-06 21:33 ` [PATCH 2/8] powerpc/rtas: use memmove for potentially overlapping buffer copy Nathan Lynch via B4 Relay 2023-03-23 4:09 ` Andrew Donnellan 2023-03-06 21:33 ` [PATCH 3/8] powerpc/rtas: rtas_call_unlocked() kerneldoc Nathan Lynch via B4 Relay 2023-03-06 21:33 ` Nathan Lynch 2023-03-23 4:15 ` Andrew Donnellan 2023-03-06 21:33 ` [PATCH 4/8] powerpc/rtas: fix miswording in rtas_function kerneldoc Nathan Lynch via B4 Relay 2023-03-06 21:33 ` Nathan Lynch 2023-03-23 0:17 ` Andrew Donnellan 2023-03-06 21:33 ` [PATCH 5/8] powerpc/rtas: rename va_rtas_call_unlocked() to va_rtas_call() Nathan Lynch 2023-03-06 21:33 ` Nathan Lynch via B4 Relay 2023-03-23 4:17 ` Andrew Donnellan 2023-03-23 16:11 ` Nathan Lynch 2023-03-29 12:24 ` Michael Ellerman 2023-03-06 21:33 ` [PATCH 6/8] powerpc/rtas: lockdep annotations Nathan Lynch 2023-03-06 21:33 ` Nathan Lynch via B4 Relay 2023-03-23 6:01 ` Andrew Donnellan 2023-03-06 21:33 ` [PATCH 7/8] powerpc/rtas: warn on unsafe argument to rtas_call_unlocked() Nathan Lynch via B4 Relay 2023-03-06 21:33 ` Nathan Lynch 2023-03-23 4:25 ` Andrew Donnellan 2023-03-23 12:17 ` Nathan Lynch 2023-03-24 0:56 ` Nathan Lynch 2023-03-29 12:20 ` Michael Ellerman 2023-03-29 16:23 ` Nathan Lynch 2023-03-06 21:33 ` [PATCH 8/8] powerpc/rtas: consume retry statuses in sys_rtas() Nathan Lynch via B4 Relay 2023-03-06 21:33 ` Nathan Lynch 2023-03-23 6:26 ` Andrew Donnellan 2023-03-23 19:39 ` Nathan Lynch 2023-03-23 9:44 ` Michael Ellerman 2023-03-23 13:40 ` Nathan Lynch 2024-01-25 15:55 ` Christophe Leroy 2024-01-25 16:33 ` Nathan Lynch 2024-01-25 16:46 ` Christophe Leroy 2024-01-25 17:23 ` Nathan Lynch 2023-04-06 1:09 ` (subset) [PATCH 0/8] RTAS changes for 6.4 Michael Ellerman 2023-04-26 12:12 ` Michael Ellerman
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230220-rtas-queue-for-6-4-v1-2-010e4416f13f@linux.ibm.com \ --to=nathanl@linux.ibm.com \ --cc=ajd@linux.ibm.com \ --cc=cheloha@linux.ibm.com \ --cc=christophe.leroy@csgroup.eu \ --cc=ldufour@linux.ibm.com \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=mpe@ellerman.id.au \ --cc=nnac123@linux.ibm.com \ --cc=npiggin@gmail.com \ --cc=tyreld@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.