[PATCH] powerpc/powernv: Validate memcons descriptor and output buffer

Gavin Shan gwshan at linux.vnet.ibm.com
Thu Jan 19 10:52:50 AEDT 2017 

Currently, it's assumed that memcons and its output buffer are included
in the linear mapping. It's not true when "mem=384M" is included in
bootargs. The system runs into kernel crash eventually.

   # od -x /proc/device-tree/ibm,opal/ibm,opal-memcons
   0000000 0000 0000 0b30 0010
   0000010

This validates memcons descriptor and its output buffer to ensure they
are valid in linear mapping. Otherwise, the interface won't be populated
to avoid kernel crash during system boot.

Cc: stable at vger.kernel.org #3.15+
Fixes: bfc36894a48 ("powerpc/powernv: Add OPAL message log interface")
Signed-off-by: Gavin Shan <gwshan at linux.vnet.ibm.com>
---
 arch/powerpc/platforms/powernv/opal-msglog.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c b/arch/powerpc/platforms/powernv/opal-msglog.c
index 39d6ff9..34dc2f2 100644
--- a/arch/powerpc/platforms/powernv/opal-msglog.c
+++ b/arch/powerpc/platforms/powernv/opal-msglog.c
@@ -15,6 +15,7 @@
 #include <linux/of.h>
 #include <linux/types.h>
 #include <asm/barrier.h>
+#include <asm/setup.h>
 
 /* OPAL in-memory console. Defined in OPAL source at core/console.c */
 struct memcons {
@@ -104,7 +105,7 @@ static struct bin_attribute opal_msglog_attr = {
 
 void __init opal_msglog_init(void)
 {
-	u64 mcaddr;
+	u64 mcaddr, obuf_top;
 	struct memcons *mc;
 
 	if (of_property_read_u64(opal_node, "ibm,opal-memcons", &mcaddr)) {
@@ -112,6 +113,12 @@ void __init opal_msglog_init(void)
 		return;
 	}
 
+	if (memory_limit && (mcaddr + sizeof(*mc)) > memory_limit) {
+		pr_warn("OPAL: memcons descriptor (0x%llx, 0x%lx) is out of memory (0x%llx)\n",
+			mcaddr, sizeof(*mc), memory_limit);
+		return;
+	}
+
 	mc = phys_to_virt(mcaddr);
 	if (!mc) {
 		pr_warn("OPAL: memory console address is invalid\n");
@@ -123,6 +130,13 @@ void __init opal_msglog_init(void)
 		return;
 	}
 
+	obuf_top = be64_to_cpu(mc->obuf_phys) + be32_to_cpu(mc->obuf_size);
+	if (memory_limit && obuf_top > memory_limit) {
+		pr_warn("OPAL: memcons output buffer ceiling (0x%llx) is out of memory (0x%llx)\n",
+			obuf_top, memory_limit);
+		return;
+	}
+
 	opal_memcons = mc;
 }
 
-- 
2.7.4

More information about the Linuxppc-dev mailing list