[PATCH] powerpc/powernv: Validate memcons descriptor and output buffer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Currently, it's assumed that memcons and its output buffer are included
in the linear mapping. It's not true when "mem=384M" is included in
bootargs. The system runs into kernel crash eventually.

   # od -x /proc/device-tree/ibm,opal/ibm,opal-memcons
   0000000 0000 0000 0b30 0010
   0000010

This validates memcons descriptor and its output buffer to ensure they
are valid in linear mapping. Otherwise, the interface won't be populated
to avoid kernel crash during system boot.

Cc: stable@xxxxxxxxxxxxxxx #3.15+
Fixes: bfc36894a48 ("powerpc/powernv: Add OPAL message log interface")
Signed-off-by: Gavin Shan <gwshan@xxxxxxxxxxxxxxxxxx>
---
 arch/powerpc/platforms/powernv/opal-msglog.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c b/arch/powerpc/platforms/powernv/opal-msglog.c
index 39d6ff9..34dc2f2 100644
--- a/arch/powerpc/platforms/powernv/opal-msglog.c
+++ b/arch/powerpc/platforms/powernv/opal-msglog.c
@@ -15,6 +15,7 @@
 #include <linux/of.h>
 #include <linux/types.h>
 #include <asm/barrier.h>
+#include <asm/setup.h>
 
 /* OPAL in-memory console. Defined in OPAL source at core/console.c */
 struct memcons {
@@ -104,7 +105,7 @@ static struct bin_attribute opal_msglog_attr = {
 
 void __init opal_msglog_init(void)
 {
-	u64 mcaddr;
+	u64 mcaddr, obuf_top;
 	struct memcons *mc;
 
 	if (of_property_read_u64(opal_node, "ibm,opal-memcons", &mcaddr)) {
@@ -112,6 +113,12 @@ void __init opal_msglog_init(void)
 		return;
 	}
 
+	if (memory_limit && (mcaddr + sizeof(*mc)) > memory_limit) {
+		pr_warn("OPAL: memcons descriptor (0x%llx, 0x%lx) is out of memory (0x%llx)\n",
+			mcaddr, sizeof(*mc), memory_limit);
+		return;
+	}
+
 	mc = phys_to_virt(mcaddr);
 	if (!mc) {
 		pr_warn("OPAL: memory console address is invalid\n");
@@ -123,6 +130,13 @@ void __init opal_msglog_init(void)
 		return;
 	}
 
+	obuf_top = be64_to_cpu(mc->obuf_phys) + be32_to_cpu(mc->obuf_size);
+	if (memory_limit && obuf_top > memory_limit) {
+		pr_warn("OPAL: memcons output buffer ceiling (0x%llx) is out of memory (0x%llx)\n",
+			obuf_top, memory_limit);
+		return;
+	}
+
 	opal_memcons = mc;
 }
 
-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]