| Message ID | 20160810020229.GA3660@balbir.ozlabs.ibm.com |
|---|---|
| State | Accepted |
| Headers | show |
Balbir Singh <bsingharora@gmail.com> writes: > From: Balbir Singh <bsingharora@gmail.com> > > If the kernel called an OPAL API with vmalloc'd address > or any other address range in real mode, we would hit > a problem with aliasing. Since the top 4 bits are ignored > in real mode, pointers from 0xc.. and 0xd.. (and other ranges) > could collide and lead to hard to solve bugs. This patch > adds the infrastructure for pointer validation and a simple > test case for testing the API > > Signed-off-by: Balbir Singh <bsingharora@gmail.com> > --- > > Changelog v2: > - No functional changes > - Update copyright to 2016 > - Add reference to the power ISA section 5.7 > > core/test/Makefile.check | 1 + > core/test/run-api-test.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++ > include/opal-api.h | 25 ++++++++++++++++++++++++ > 3 files changed, 77 insertions(+) > create mode 100644 core/test/run-api-test.c I moved the check to opal-internal.h rather than opal-api.h and merged the series (along with my adjustment of top_of_ram patch) to master as of 5c4bfc63a0e6ae9d3bb6f6e1bfaa9443c847998a.
On Thu, Aug 18, 2016 at 03:57:07PM +1000, Stewart Smith wrote: > Balbir Singh <bsingharora@gmail.com> writes: > > From: Balbir Singh <bsingharora@gmail.com> > > > > If the kernel called an OPAL API with vmalloc'd address > > or any other address range in real mode, we would hit > > a problem with aliasing. Since the top 4 bits are ignored > > in real mode, pointers from 0xc.. and 0xd.. (and other ranges) > > could collide and lead to hard to solve bugs. This patch > > adds the infrastructure for pointer validation and a simple > > test case for testing the API > > > > Signed-off-by: Balbir Singh <bsingharora@gmail.com> > > --- > > > > Changelog v2: > > - No functional changes > > - Update copyright to 2016 > > - Add reference to the power ISA section 5.7 > > > > core/test/Makefile.check | 1 + > > core/test/run-api-test.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++ > > include/opal-api.h | 25 ++++++++++++++++++++++++ > > 3 files changed, 77 insertions(+) > > create mode 100644 core/test/run-api-test.c > > I moved the check to opal-internal.h rather than opal-api.h and merged > the series (along with my adjustment of top_of_ram patch) to master as > of 5c4bfc63a0e6ae9d3bb6f6e1bfaa9443c847998a. > Thanks! opal-internal.h makes sense Balbir Singh.
diff --git a/core/test/Makefile.check b/core/test/Makefile.check index b24bc21..cc3b47a 100644 --- a/core/test/Makefile.check +++ b/core/test/Makefile.check @@ -20,6 +20,7 @@ CORE_TEST := core/test/run-device \ CORE_TEST_NOSTUB := core/test/run-console-log CORE_TEST_NOSTUB += core/test/run-console-log-buf-overrun CORE_TEST_NOSTUB += core/test/run-console-log-pr_fmt +CORE_TEST_NOSTUB += core/test/run-api-test LCOV_EXCLUDE += $(CORE_TEST:%=%.c) core/test/stubs.c LCOV_EXCLUDE += $(CORE_TEST_NOSTUB:%=%.c) /usr/include/* diff --git a/core/test/run-api-test.c b/core/test/run-api-test.c new file mode 100644 index 0000000..58e9735 --- /dev/null +++ b/core/test/run-api-test.c @@ -0,0 +1,51 @@ +/* Copyright 2014-2016 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * For now it just validates that addresses passed are sane and test the + * wrapper that validates addresses + */ + +#include <config.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include <stdarg.h> +#include <compiler.h> +#include <opal-api.h> + +#define __TEST__ +unsigned long top_of_ram; /* Fake it here */ +int main(void) +{ + unsigned long addr = 0xd000000000000000; + + top_of_ram = 16ULL * 1024 * 1024 * 1024; /* 16 GB */ + assert(opal_addr_valid((void *)addr) == false); + + addr = 0xc000000000000000; + assert(opal_addr_valid((void *)addr) == true); + + addr = 0x0; + assert(opal_addr_valid((void *)addr) == true); + + addr = ~0; + assert(opal_addr_valid((void *)addr) == false); + + addr = top_of_ram + 1; + assert(opal_addr_valid((void *)addr) == false); + return 0; +} diff --git a/include/opal-api.h b/include/opal-api.h index c86244b..a937709 100644 --- a/include/opal-api.h +++ b/include/opal-api.h @@ -213,6 +213,9 @@ #ifndef __ASSEMBLY__ +#include <stdbool.h> +#include <types.h> + /* Other enums */ enum OpalVendorApiTokens { OPAL_START_VENDOR_API_RANGE = 1000, OPAL_END_VENDOR_API_RANGE = 1999 @@ -1043,6 +1046,28 @@ enum { OPAL_PCI_TCE_KILL_ALL, }; +extern unsigned long top_of_ram; + +/* + * Returns true if the address is valid, false otherwise + * + * Checks if the passed address belongs to real address space + * or 0xc000... kernel address space. It also checks that + * addr <= total physical memory. The magic value 60 comes + * from 60 bit real address mentioned in section 5.7 of the + * Power ISA (Book 3S). + */ +static inline bool opal_addr_valid(const void *addr) +{ + unsigned long val = (unsigned long)addr; + if ((val >> 60) != 0xc && (val >> 60) != 0x0) + return false; + val &= ~0xf000000000000000; + if (val > top_of_ram) + return false; + return true; +} + #endif /* __ASSEMBLY__ */ #endif /* __OPAL_API_H */