Patch "powerpc/rtas: Avoid warning on invalid token argument to sys_rtas()" has been added to the 6.7-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    powerpc/rtas: Avoid warning on invalid token argument to sys_rtas()

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-rtas-avoid-warning-on-invalid-token-argument.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 60e97eae86624e697bd6227b268445268c2292f9
Author: Nathan Lynch <nathanl@xxxxxxxxxxxxx>
Date:   Tue Dec 12 11:01:48 2023 -0600

    powerpc/rtas: Avoid warning on invalid token argument to sys_rtas()
    
    [ Upstream commit 01e346ffefda3a7088afebf02b940614179688e7 ]
    
    rtas_token_to_function() WARNs when passed an invalid token; it's
    meant to catch bugs in kernel-based users of RTAS functions. However,
    user space controls the token value passed to rtas_token_to_function()
    by block_rtas_call(), so user space with sufficient privilege to use
    sys_rtas() can trigger the warnings at will:
    
      unexpected failed lookup for token 2048
      WARNING: CPU: 20 PID: 2247 at arch/powerpc/kernel/rtas.c:556
        rtas_token_to_function+0xfc/0x110
      ...
      NIP rtas_token_to_function+0xfc/0x110
      LR  rtas_token_to_function+0xf8/0x110
      Call Trace:
        rtas_token_to_function+0xf8/0x110 (unreliable)
        sys_rtas+0x188/0x880
        system_call_exception+0x268/0x530
        system_call_common+0x160/0x2c4
    
    It's desirable to continue warning on bogus tokens in
    rtas_token_to_function(). Currently it is used to look up RTAS
    function descriptors when tracing, where we know there has to have
    been a successful descriptor lookup by different means already, and it
    would be a serious inconsistency for the reverse lookup to fail.
    
    So instead of weakening rtas_token_to_function()'s contract by
    removing the warnings, introduce rtas_token_to_function_untrusted(),
    which has no opinion on failed lookups. Convert block_rtas_call() and
    rtas_token_to_function() to use it.
    
    Fixes: 8252b88294d2 ("powerpc/rtas: improve function information lookups")
    Signed-off-by: Nathan Lynch <nathanl@xxxxxxxxxxxxx>
    Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    Link: https://msgid.link/20231212-papr-sys_rtas-vs-lockdown-v6-1-e9eafd0c8c6c@xxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index eddc031c4b95..87d65bdd3eca 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -544,6 +544,21 @@ static int __init rtas_token_to_function_xarray_init(void)
 }
 arch_initcall(rtas_token_to_function_xarray_init);
 
+/*
+ * For use by sys_rtas(), where the token value is provided by user
+ * space and we don't want to warn on failed lookups.
+ */
+static const struct rtas_function *rtas_token_to_function_untrusted(s32 token)
+{
+	return xa_load(&rtas_token_to_function_xarray, token);
+}
+
+/*
+ * Reverse lookup for deriving the function descriptor from a
+ * known-good token value in contexts where the former is not already
+ * available. @token must be valid, e.g. derived from the result of a
+ * prior lookup against the function table.
+ */
 static const struct rtas_function *rtas_token_to_function(s32 token)
 {
 	const struct rtas_function *func;
@@ -551,7 +566,7 @@ static const struct rtas_function *rtas_token_to_function(s32 token)
 	if (WARN_ONCE(token < 0, "invalid token %d", token))
 		return NULL;
 
-	func = xa_load(&rtas_token_to_function_xarray, token);
+	func = rtas_token_to_function_untrusted(token);
 
 	if (WARN_ONCE(!func, "unexpected failed lookup for token %d", token))
 		return NULL;
@@ -1726,7 +1741,7 @@ static bool block_rtas_call(int token, int nargs,
 	 * If this token doesn't correspond to a function the kernel
 	 * understands, you're not allowed to call it.
 	 */
-	func = rtas_token_to_function(token);
+	func = rtas_token_to_function_untrusted(token);
 	if (!func)
 		goto err;
 	/*




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux