From ef3e787c21d1efcd297f0cf2e9535e76188fb831 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 24 Mar 2022 15:57:25 -0700 Subject: usercopy: Disable CONFIG_HARDENED_USERCOPY_PAGESPAN CONFIG_HARDENED_USERCOPY_PAGESPAN has been mostly broken for a while, and it has become hard to ignore with some recent scsi changes[1]. While there is a more complete series to replace it with better checks[2], it should have more soak time in -next. Instead, disable the config now, with the expectation that it will be fully replaced in the next kernel release. [1] https://lore.kernel.org/lkml/20220324064846.GA12961@lst.de/ [2] https://lore.kernel.org/linux-hardening/20220110231530.665970-1-willy@infradead.org/ Suggested-by: Christoph Hellwig Cc: "Matthew Wilcox (Oracle)" Signed-off-by: Kees Cook
---
 security/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/Kconfig b/security/Kconfig
index 0b847f435beb..88a0bc8c592b 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -166,7 +166,7 @@ config HARDENED_USERCOPY
 config HARDENED_USERCOPY_PAGESPAN
 bool "Refuse to copy allocations that span multiple pages"
 depends on HARDENED_USERCOPY
- depends on EXPERT
+ depends on BROKEN
 help
 When a multi-page allocation is done without __GFP_COMP,
 hardened usercopy will reject attempts to copy it. There are,
--
cgit v1.2.3
From 229a08a4f4e4f9949801cc39b6480ddc9c487183 Mon Sep 17 00:00:00 2001
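Review bot: The prompt and help text kept as context under `config HARDENED_USERCOPY_PAGESPAN` still describe a working check, although with `depends on BROKEN` the option is presumably no longer selectable in a normal build, so a configuration that used to enable it loses the page-span check without any hint in the Kconfig entry itself. A comment above the new dependency would record the reason and the plan, for example `# Disabled: known false positives; to be replaced by better checks (see commit message)`. The help text continues past the end of the hunk, so whether it already carries such a caveat is not visible here.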
From: Kees Cook Date: Wed, 9 Mar 2022 09:37:31 -0800 Subject: ARM/dma-mapping: Remove CMA code when not built with CMA The MAX_CMA_AREAS could be set to 0, which would result in code that would attempt to operate beyond the end of a zero-sized array. If CONFIG_CMA is disabled, just remove this code entirely. Found when building arm on GCC 10.x for several defconfigs (e.g. axm55xx_defconfig) under -Warray-bounds: arch/arm/mm/dma-mapping.c:396:22: warning: array subscript is outside array bounds of 'struct dma_contig_early_reserve[0]' [-Warray-bounds] 396 | dma_mmu_remap[dma_mmu_remap_num].size = size; | ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ arch/arm/mm/dma-mapping.c:389:40: note: while referencing 'dma_mmu_remap' 389 | static struct dma_contig_early_reserve dma_mmu_remap[MAX_CMA_AREAS] __initdata; | ^~~~~~~~~~~~~ Cc: Russell King Cc: Logan Gunthorpe Cc: Martin Oliveira Cc: David Hildenbrand Cc: Andrew Morton Cc: Stephen Rothwell Cc: Zi Yan Cc: Hari Bathini Cc: Minchan Kim Cc: Mike Kravetz Cc: linux-arm-kernel@lists.infradead.org Link: https://lore.kernel.org/all/6243ee60.1c69fb81.16de6.7dbf@mx.google.com/ Signed-off-by: Kees Cook Reviewed-by: Christoph Hellwig Link: https://lore.kernel.org/lkml/20220310070041.GA24874@lst.de Reviewed-by: David Hildenbrand Link: https://lore.kernel.org/lkml/9059fa71-330f-f04f-b155-2850abb72a71@redhat.com
---
 arch/arm/mm/dma-mapping.c | 2 ++
 arch/arm/mm/mm.h | 4 ++++
 include/linux/cma.h | 4 ----
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
index 4b61541853ea..82ffac621854 100644
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -381,6 +381,7 @@ out:
 */
 postcore_initcall(atomic_pool_init);
+#ifdef CONFIG_CMA_AREAS
 struct dma_contig_early_reserve {
 phys_addr_t base;
 unsigned long size;
@@ -435,6 +436,7 @@ void __init dma_contiguous_remap(void)
 iotable_init(&map, 1);
 }
 }
+#endif
 static int __dma_update_pte(pte_t *pte, unsigned long addr, void *data)
 {
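Review bot: The new guard `#ifdef CONFIG_CMA_AREAS` tests a different symbol from the one the subject and message name (CONFIG_CMA); the two only coincide if CMA_AREAS is defined exactly when CMA is enabled, which this patch does not show, so a comment at the opener would make the dependency explicit, e.g. `/* dma_mmu_remap[] is sized by MAX_CMA_AREAS, defined only with CONFIG_CMA_AREAS */`. The matching `+#endif` in the second hunk, after dma_contiguous_remap(), sits some fifty lines below the opener and would read better as `#endif /* CONFIG_CMA_AREAS */`. The guarded region between the two hunks, including the store at line 396 quoted in the message, lies outside both hunks, so whether dma_mmu_remap_num is checked against MAX_CMA_AREAS before that store cannot be confirmed from here.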
diff --git a/arch/arm/mm/mm.h b/arch/arm/mm/mm.h
index 9ff683612f2a..d7ffccb7fea7 100644
--- a/arch/arm/mm/mm.h
+++ b/arch/arm/mm/mm.h
@@ -88,6 +88,10 @@ extern phys_addr_t arm_lowmem_limit;
 void __init bootmem_init(void);
 void arm_mm_memblock_reserve(void);
+#ifdef CONFIG_CMA_AREAS
 void dma_contiguous_remap(void);
+#else
+static inline void dma_contiguous_remap(void) { }
+#endif
 unsigned long __clear_cr(unsigned long mask);
diff --git a/include/linux/cma.h b/include/linux/cma.h
index bd801023504b..2c2ede7f0724 100644
--- a/include/linux/cma.h
+++ b/include/linux/cma.h
@@ -12,10 +12,6 @@
 */
 #ifdef CONFIG_CMA_AREAS
 #define MAX_CMA_AREAS (1 + CONFIG_CMA_AREAS)
-
-#else
-#define MAX_CMA_AREAS (0)
-
 #endif
 #define CMA_MAX_NAME 64
--
cgit v1.2.3
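Review bot: The empty stub `static inline void dma_contiguous_remap(void) { }` in the `#else` branch of the mm.h hunk has no comment saying why doing nothing is correct; a line such as `/* No CMA areas to remap when CONFIG_CMA_AREAS is unset. */` above it would help, as would `#endif /* CONFIG_CMA_AREAS */` on the closing line. With the `#define MAX_CMA_AREAS (0)` fallback removed in the cma.h hunk, any remaining use of MAX_CMA_AREAS outside a `CONFIG_CMA_AREAS` guard becomes a build error rather than a zero-length array. That is the safer failure mode, but other users of the macro are not visible in this patch and are worth a tree-wide check.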