Re: [PATCH] rtas: Validate rtas entry before calling enter_rtas

2015-10-19 Thread Michael Ellerman
On Sat, 2015-10-17 at 10:04 +0530, Vasant Hegde wrote:
> On 10/16/2015 11:49 PM, Denis Kirjanov wrote:
> > On 10/16/15, Vasant Hegde  wrote:
> > > On 10/16/2015 04:02 PM, Denis Kirjanov wrote:
> > > > On 10/16/15, Vasant Hegde  wrote:
> > > > > Currently we do not validate rtas entry before calling enter_rtas().
> > > > 
> > > > have you figured out why we have null entry?

> > > Yes... On the PowerNV platform we don't have RTAS. Hence it's not
> > > initialized.

> > But why do we have CONFIG_PPC_RTAS on OPAL machines then?
 
> Today we use a single config to build the kernel for both PowerNV and PAPR
> guests, so that the same ISO can be used in different environments (PAPR LPAR,
> PowerNV host, guest). I believe most distros are also following this method.
> Hence we need this validation.

Yes that's right.

Many of our platforms can coexist. So for example you can build a 64-bit big
endian kernel with support for G5, pSeries, Powernv, PS3, IBM Cell Blades,
Pasemi, & Maple (Bimini).

That means code that is #ifdef'ed to depend on one of those platforms may end
up running on another platform. So we usually also need a runtime check to make
sure code doesn't run in the wrong places.

You'll see a lot of initcalls are machine_xxx_initcalls(), which means they
only run if the correct platform was detected. There are also
firmware_has_feature() checks, and device-tree-based detection.

This one seems to have slipped through the cracks because the tools that call
sys_rtas() are not used on powernv machines, so no one has thought to call that
syscall. And on pseries machines rtas is always present, though obviously the
code should still have checked rtas.entry to be safe.

cheers
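
The runtime-presence pattern described in this message, as an added C model that is not kernel code: rtas_model, boot_probe_model, FEATURE_RTAS_MODEL, fake_firmware and ppc_rtas_model are constructed stand-ins for the kernel's rtas descriptor, its boot-time platform probe, a firmware_has_feature() bit, the firmware entry point and ppc_rtas() respectively. It shows why one binary built with RTAS support for every platform still needs the run-time check before the indirect call.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed stand-in for the kernel's global rtas descriptor. On a platform
 * without RTAS (PowerNV) boot-time probing never fills it in, so entry stays 0
 * even though the RTAS code was compiled into the same kernel binary. */
struct rtas_model {
    unsigned long entry;                          /* 0 means "no RTAS here" */
    int (*enter)(unsigned long entry, int token); /* stands in for enter_rtas() */
};
static struct rtas_model rtas;

/* Constructed stand-in for firmware_has_feature(): a bitmask set by the same
 * boot-time probe, the other runtime check mentioned in the thread. */
#define FEATURE_RTAS_MODEL (1UL << 0)
static unsigned long firmware_features;

/* Constructed firmware stand-in; the real target lives behind rtas.entry. */
static int fake_firmware(unsigned long entry, int token)
{
    return (int)(entry & 0xff) + token;
}

/* Stand-in for boot-time platform detection: only a PAPR platform (pseries)
 * exposes an RTAS node in its device tree, so only there are the entry
 * address and the feature bit filled in. The same binary runs this everywhere. */
void boot_probe_model(bool device_tree_has_rtas)
{
    rtas.entry = 0;
    rtas.enter = 0;
    firmware_features = 0;
    if (device_tree_has_rtas) {
        rtas.entry = 0x1234;                      /* constructed address */
        rtas.enter = fake_firmware;
        firmware_features |= FEATURE_RTAS_MODEL;
    }
}

/* Model of ppc_rtas() with the patch applied: privilege first (an unprivileged
 * caller learns nothing about the platform), then the runtime presence check,
 * and only then the indirect call. Before the patch the call ran unconditionally,
 * which on PowerNV meant jumping through address 0, the NIP 0 oops above. */
int ppc_rtas_model(bool cap_sys_admin, int token)
{
    if (!cap_sys_admin)
        return -EPERM;
    if (!(firmware_features & FEATURE_RTAS_MODEL) || !rtas.entry)
        return -EINVAL;
    return rtas.enter(rtas.entry, token);
}
```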

___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev

Re: [PATCH] rtas: Validate rtas entry before calling enter_rtas

2015-10-16 Thread Denis Kirjanov
On 10/16/15, Vasant Hegde  wrote:
> On 10/16/2015 04:02 PM, Denis Kirjanov wrote:
>> On 10/16/15, Vasant Hegde  wrote:
>>> Currently we do not validate the rtas entry before calling enter_rtas(). This
>>> results in a kernel oops (see below) when user space calls the rtas system
>>> call on the PowerNV platform. We hit the oops below when we ran trinity (a
>>> system call fuzzer) on PowerNV. This patch adds code to validate the rtas
>>> entry before making the enter_rtas() call.
>>
>> Hi,
>> have you figured out why we have null entry?
>
> Denis,
>
> Yes... On the PowerNV platform we don't have RTAS. Hence it's not initialized.
But why do we have CONFIG_PPC_RTAS on OPAL machines then?


>
> -Vasant
>
>>
>> Thanks!
>>>
>>>
>>> Reported-by: NAGESWARA R. SASTRY 
>>> Signed-off-by: Vasant Hegde 
>>> ---
>>>  arch/powerpc/kernel/rtas.c |3 +++
>>>  1 file changed, 3 insertions(+)
>>>
>>> diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
>>> index 84bf934..5a753fa 100644
>>> --- a/arch/powerpc/kernel/rtas.c
>>> +++ b/arch/powerpc/kernel/rtas.c
>>> @@ -1043,6 +1043,9 @@ asmlinkage int ppc_rtas(struct rtas_args __user
>>> *uargs)
>>> if (!capable(CAP_SYS_ADMIN))
>>> return -EPERM;
>>>
>>> +   if (!rtas.entry)
>>> +   return -EINVAL;
>>> +
>>> if (copy_from_user(, uargs, 3 * sizeof(u32)) != 0)
>>> return -EFAULT;
>>>
>>>

Re: [PATCH] rtas: Validate rtas entry before calling enter_rtas

2015-10-16 Thread Denis Kirjanov
On 10/16/15, Vasant Hegde  wrote:
> Currently we do not validate the rtas entry before calling enter_rtas(). This
> results in a kernel oops (see below) when user space calls the rtas system
> call on the PowerNV platform. We hit the oops below when we ran trinity (a
> system call fuzzer) on PowerNV. This patch adds code to validate the rtas
> entry before making the enter_rtas() call.

Hi,
have you figured out why we have null entry?

Thanks!
>
>
> Reported-by: NAGESWARA R. SASTRY 
> Signed-off-by: Vasant Hegde 
> ---
>  arch/powerpc/kernel/rtas.c |3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
> index 84bf934..5a753fa 100644
> --- a/arch/powerpc/kernel/rtas.c
> +++ b/arch/powerpc/kernel/rtas.c
> @@ -1043,6 +1043,9 @@ asmlinkage int ppc_rtas(struct rtas_args __user
> *uargs)
>   if (!capable(CAP_SYS_ADMIN))
>   return -EPERM;
>
> + if (!rtas.entry)
> + return -EINVAL;
> +
>   if (copy_from_user(, uargs, 3 * sizeof(u32)) != 0)
>   return -EFAULT;
>
>

[PATCH] rtas: Validate rtas entry before calling enter_rtas

2015-10-16 Thread Vasant Hegde
Currently we do not validate the rtas entry before calling enter_rtas(). This
results in a kernel oops (see below) when user space calls the rtas system
call on the PowerNV platform. We hit the oops below when we ran trinity (a
system call fuzzer) on PowerNV. This patch adds code to validate the rtas
entry before making the enter_rtas() call.

dmesg:
-
[22061.541428] Oops: Exception in kernel mode, sig: 4 [#1]
[22061.541446] SMP NR_CPUS=1024 NUMA PowerNV
[22061.541453] Modules linked in: rfcomm bnep nfnetlink scsi_transport_iscsi hidp nfc af_802154 ieee802154 bluetooth rfkill pppoe pppox ppp_generic slhc irda crc_ccitt af_key sctp libcrc32c atm appletalk ipx p8023 psnap p8022 ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_CHECKSUM tun ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw windfarm_smu_sat ses enclosure windfarm_pid shpchp i2c_opal i2c_core kvm_hv kvm_pr dm_multipath kvm lpfc tg3 ptp pps_core scsi_transport_fc
[22061.541561] CPU: 40 PID: 57748 Comm: trinity-c11 Not tainted 3.18.17-340.el7_1.pkvm3_1_0.2400.1.ppc64le #1
[22061.541566] task: c4294b80 ti: c007e1a78000 task.ti: c007e1a78000
[22061.541570] NIP:  LR: 9c14 CTR: c0423140
[22061.541573] REGS: c007e1a7b920 TRAP: 0e40   Not tainted  (3.18.17-340.el7_1.pkvm3_1_0.2400.1.ppc64le)
[22061.541577] MSR: 10081000   CR:   XER:
[22061.541585] CFAR: c0009c0c SOFTE: 0
GPR00: 90001031 c007e1a7bba0 c12b1d00 01338840
GPR04:   10001000 90001033
GPR08: 4000 80002933 3fff9e9d0068
GPR12: 00ff c7db7c00
GPR16:
GPR20:
GPR24:  dc58 0001 c01ee716e000
GPR28:  c1338840 3fff9db3
[22061.541629] NIP []   (null)
[22061.541637] LR [9c14] 0x9c14
[22061.541640] Call Trace:
[22061.541649] [c007e1a7bba0] [c041a7f4] avc_has_perm_noaudit+0x54/0x110 (unreliable)
[22061.541657] [c007e1a7bd80] [c002ddc0] ppc_rtas+0x150/0x2d0
[22061.541662] [c007e1a7be30] [c0009358] syscall_exit+0x0/0x98
[22061.541666] Instruction dump:
[22061.541669]
[22061.541675]     6000 6000 6000 6000
[22061.541688] ---[ end trace 6f9bf0b3d32096aa ]---

Reported-by: NAGESWARA R. SASTRY 
Signed-off-by: Vasant Hegde 
---
 arch/powerpc/kernel/rtas.c |3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 84bf934..5a753fa 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1043,6 +1043,9 @@ asmlinkage int ppc_rtas(struct rtas_args __user *uargs)
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
 
+   if (!rtas.entry)
+   return -EINVAL;
+
if (copy_from_user(, uargs, 3 * sizeof(u32)) != 0)
return -EFAULT;
 
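Review bot: the new `if (!rtas.entry) return -EINVAL;` in this hunk wants a one-line comment stating why entry can be zero here (a single kernel build carries the RTAS code onto PowerNV, where rtas is never initialised, as the thread explains); without it the bare NULL check reads as defensive noise to the next reader of ppc_rtas(). Its placement after `capable(CAP_SYS_ADMIN)` is the right order, since an unprivileged caller still gets -EPERM and cannot use the return value to tell platforms apart. Consider -ENODEV or -ENOSYS rather than -EINVAL: the caller's arguments are not invalid, the facility is absent, and user-space tooling that distinguishes the two cases will otherwise mis-report it.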


Re: [PATCH] rtas: Validate rtas entry before calling enter_rtas

2015-10-16 Thread Vasant Hegde
On 10/16/2015 04:02 PM, Denis Kirjanov wrote:
> On 10/16/15, Vasant Hegde  wrote:
>> Currently we do not validate the rtas entry before calling enter_rtas(). This
>> results in a kernel oops (see below) when user space calls the rtas system
>> call on the PowerNV platform. We hit the oops below when we ran trinity (a
>> system call fuzzer) on PowerNV. This patch adds code to validate the rtas
>> entry before making the enter_rtas() call.
> 
> Hi,
> have you figured out why we have null entry?

Denis,

Yes... On the PowerNV platform we don't have RTAS. Hence it's not initialized.

-Vasant

> 
> Thanks!
>>
>>
>> Reported-by: NAGESWARA R. SASTRY 
>> Signed-off-by: Vasant Hegde 
>> ---
>>  arch/powerpc/kernel/rtas.c |3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
>> index 84bf934..5a753fa 100644
>> --- a/arch/powerpc/kernel/rtas.c
>> +++ b/arch/powerpc/kernel/rtas.c
>> @@ -1043,6 +1043,9 @@ asmlinkage int ppc_rtas(struct rtas_args __user
>> *uargs)
>>  if (!capable(CAP_SYS_ADMIN))
>>  return -EPERM;
>>
>> +if (!rtas.entry)
>> +return -EINVAL;
>> +
>>  if (copy_from_user(, uargs, 3 * sizeof(u32)) != 0)
>>  return -EFAULT;
>>
>>

Re: [PATCH] rtas: Validate rtas entry before calling enter_rtas

2015-10-16 Thread Vasant Hegde
On 10/16/2015 11:49 PM, Denis Kirjanov wrote:
> On 10/16/15, Vasant Hegde  wrote:
>> On 10/16/2015 04:02 PM, Denis Kirjanov wrote:
>>> On 10/16/15, Vasant Hegde  wrote:
>>>> Currently we do not validate the rtas entry before calling enter_rtas(). This
>>>> results in a kernel oops (see below) when user space calls the rtas system
>>>> call on the PowerNV platform. We hit the oops below when we ran trinity (a
>>>> system call fuzzer) on PowerNV. This patch adds code to validate the rtas
>>>> entry before making the enter_rtas() call.
>>>
>>> Hi,
>>> have you figured out why we have null entry?
>>
>> Denis,

Denis,

>>
>> Yes... On the PowerNV platform we don't have RTAS. Hence it's not initialized.
> But why do we have CONFIG_PPC_RTAS on OPAL machines then?


Sorry. I should have elaborated a little bit.

Today we use a single config to build the kernel for both PowerNV and PAPR
guests, so that the same ISO can be used in different environments (PAPR LPAR,
PowerNV host, guest). I believe most distros are also following this method.
Hence we need this validation.

-Vasant
