[PATCH 7/8] powerpc/rtas: warn on unsafe argument to rtas_call_unlocked()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Nathan Lynch via B4 Relay <devnull+nathanl.linux.ibm.com@kernel.org>
To: Michael Ellerman <mpe@ellerman.id.au>,
	 Nicholas Piggin <npiggin@gmail.com>,
	 Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Nathan Lynch <nathanl@linux.ibm.com>,
	Tyrel Datwyler <tyreld@linux.ibm.com>,
	Nick Child <nnac123@linux.ibm.com>,
	Andrew Donnellan <ajd@linux.ibm.com>,
	Scott Cheloha <cheloha@linux.ibm.com>,
	Laurent Dufour <ldufour@linux.ibm.com>,
	linuxppc-dev@lists.ozlabs.org
Subject: [PATCH 7/8] powerpc/rtas: warn on unsafe argument to rtas_call_unlocked()
Date: Mon, 06 Mar 2023 15:33:46 -0600	[thread overview]
Message-ID: <20230220-rtas-queue-for-6-4-v1-7-010e4416f13f@linux.ibm.com> (raw)
In-Reply-To: <20230220-rtas-queue-for-6-4-v1-0-010e4416f13f@linux.ibm.com>

From: Nathan Lynch <nathanl@linux.ibm.com>

Any caller of rtas_call_unlocked() must provide an rtas_args parameter
block distinct from the core rtas_args buffer used by the rtas_call()
path. It's an unlikely error to make, but the potential consequences
are grim, and it's trivial to check.

Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
---
 arch/powerpc/kernel/rtas.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 633c925164e7..47a2aa43d7d4 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1042,6 +1042,13 @@ void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret,
 {
 	va_list list;
 
+	/*
+	 * Callers must not use rtas_args; otherwise they risk
+	 * corrupting the state of the rtas_call() path, which is
+	 * serialized by rtas_lock.
+	 */
+	WARN_ON(args == &rtas_args);
+
 	va_start(list, nret);
 	va_rtas_call(args, token, nargs, nret, list);
 	va_end(list);

-- 
2.39.1

WARNING: multiple messages have this Message-ID (diff)

From: Nathan Lynch <nathanl@linux.ibm.com>
To: Michael Ellerman <mpe@ellerman.id.au>,
	 Nicholas Piggin <npiggin@gmail.com>,
	 Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: linuxppc-dev@lists.ozlabs.org,
	Tyrel Datwyler <tyreld@linux.ibm.com>,
	 Scott Cheloha <cheloha@linux.ibm.com>,
	Andrew Donnellan <ajd@linux.ibm.com>,
	 Nick Child <nnac123@linux.ibm.com>,
	Laurent Dufour <ldufour@linux.ibm.com>,
	 Nathan Lynch <nathanl@linux.ibm.com>
Subject: [PATCH 7/8] powerpc/rtas: warn on unsafe argument to rtas_call_unlocked()
Date: Mon, 06 Mar 2023 15:33:46 -0600	[thread overview]
Message-ID: <20230220-rtas-queue-for-6-4-v1-7-010e4416f13f@linux.ibm.com> (raw)
In-Reply-To: <20230220-rtas-queue-for-6-4-v1-0-010e4416f13f@linux.ibm.com>

Any caller of rtas_call_unlocked() must provide an rtas_args parameter
block distinct from the core rtas_args buffer used by the rtas_call()
path. It's an unlikely error to make, but the potential consequences
are grim, and it's trivial to check.

Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
---
 arch/powerpc/kernel/rtas.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 633c925164e7..47a2aa43d7d4 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1042,6 +1042,13 @@ void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret,
 {
 	va_list list;
 
+	/*
+	 * Callers must not use rtas_args; otherwise they risk
+	 * corrupting the state of the rtas_call() path, which is
+	 * serialized by rtas_lock.
+	 */
+	WARN_ON(args == &rtas_args);
+
 	va_start(list, nret);
 	va_rtas_call(args, token, nargs, nret, list);
 	va_end(list);

-- 
2.39.1

next prev parent reply	other threads:[~2023-03-06 21:36 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-06 21:33 [PATCH 0/8] RTAS changes for 6.4 Nathan Lynch via B4 Relay
2023-03-06 21:33 ` Nathan Lynch
2023-03-06 21:33 ` [PATCH 1/8] powerpc/rtas: ensure 8-byte alignment for struct rtas_args Nathan Lynch
2023-03-06 21:33   ` Nathan Lynch via B4 Relay
2023-03-23  4:00   ` Andrew Donnellan
2023-03-06 21:33 ` [PATCH 2/8] powerpc/rtas: use memmove for potentially overlapping buffer copy Nathan Lynch
2023-03-06 21:33   ` Nathan Lynch via B4 Relay
2023-03-23  4:09   ` Andrew Donnellan
2023-03-06 21:33 ` [PATCH 3/8] powerpc/rtas: rtas_call_unlocked() kerneldoc Nathan Lynch via B4 Relay
2023-03-06 21:33   ` Nathan Lynch
2023-03-23  4:15   ` Andrew Donnellan
2023-03-06 21:33 ` [PATCH 4/8] powerpc/rtas: fix miswording in rtas_function kerneldoc Nathan Lynch via B4 Relay
2023-03-06 21:33   ` Nathan Lynch
2023-03-23  0:17   ` Andrew Donnellan
2023-03-06 21:33 ` [PATCH 5/8] powerpc/rtas: rename va_rtas_call_unlocked() to va_rtas_call() Nathan Lynch
2023-03-06 21:33   ` Nathan Lynch via B4 Relay
2023-03-23  4:17   ` Andrew Donnellan
2023-03-23 16:11     ` Nathan Lynch
2023-03-29 12:24   ` Michael Ellerman
2023-03-06 21:33 ` [PATCH 6/8] powerpc/rtas: lockdep annotations Nathan Lynch
2023-03-06 21:33   ` Nathan Lynch via B4 Relay
2023-03-23  6:01   ` Andrew Donnellan
2023-03-06 21:33 ` Nathan Lynch via B4 Relay [this message]
2023-03-06 21:33   ` [PATCH 7/8] powerpc/rtas: warn on unsafe argument to rtas_call_unlocked() Nathan Lynch
2023-03-23  4:25   ` Andrew Donnellan
2023-03-23 12:17     ` Nathan Lynch
2023-03-24  0:56       ` Nathan Lynch
2023-03-29 12:20         ` Michael Ellerman
2023-03-29 16:23           ` Nathan Lynch
2023-03-06 21:33 ` [PATCH 8/8] powerpc/rtas: consume retry statuses in sys_rtas() Nathan Lynch via B4 Relay
2023-03-06 21:33   ` Nathan Lynch
2023-03-23  6:26   ` Andrew Donnellan
2023-03-23 19:39     ` Nathan Lynch
2023-03-23  9:44   ` Michael Ellerman
2023-03-23 13:40     ` Nathan Lynch
2024-01-25 15:55   ` Christophe Leroy
2024-01-25 16:33     ` Nathan Lynch
2024-01-25 16:46       ` Christophe Leroy
2024-01-25 17:23         ` Nathan Lynch
2023-04-06  1:09 ` (subset) [PATCH 0/8] RTAS changes for 6.4 Michael Ellerman
2023-04-26 12:12 ` Michael Ellerman

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:633c925164e dfblob:633c925164e dfblob:47a2aa43d7d
dfblob:47a2aa43d7d
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230220-rtas-queue-for-6-4-v1-7-010e4416f13f@linux.ibm.com \
    --to=devnull+nathanl.linux.ibm.com@kernel.org \
    --cc=ajd@linux.ibm.com \
    --cc=cheloha@linux.ibm.com \
    --cc=christophe.leroy@csgroup.eu \
    --cc=ldufour@linux.ibm.com \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=mpe@ellerman.id.au \
    --cc=nathanl@linux.ibm.com \
    --cc=nnac123@linux.ibm.com \
    --cc=npiggin@gmail.com \
    --cc=tyreld@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.