On Fri, Mar 15, 2019 at 11:55 AM Jordan Niethe <jniet...@gmail.com> wrote:
>
> The sysfs nodes created under /opal/exports/ do not currently support
> mmap. Skiboot trace buffers are not yet added to this location but
> this is a suitable for them to be exported to. Adding mmap support makes
> using these trace buffers more convenient. The state in the header of
> the trace buffer is needed to ensure the read position has not been
> overwritten. Thus the header of the buffer must be read, then the
> read position itself. Using lseek/read to do this introduces a delay
> that could result in incorrect reads if the read position is overwritten
> after the header is read.
>
> Signed-off-by: Jordan Niethe <jniet...@gmail.com>
> ---
>  arch/powerpc/platforms/powernv/opal.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/arch/powerpc/platforms/powernv/opal.c 
> b/arch/powerpc/platforms/powernv/opal.c
> index 2b0eca104f86..3cfc683bb060 100644
> --- a/arch/powerpc/platforms/powernv/opal.c
> +++ b/arch/powerpc/platforms/powernv/opal.c
> @@ -714,6 +714,15 @@ static ssize_t export_attr_read(struct file *fp, struct 
> kobject *kobj,
>                                        bin_attr->size);
>  }
>
> +static int export_attr_mmap(struct file *fp, struct kobject *kobj,
> +                               struct bin_attribute *attr,
> +                               struct vm_area_struct *vma)
> +{
> +       return remap_pfn_range(vma, vma->vm_start,
> +                               __pa(attr->private) >> PAGE_SHIFT,
> +                               attr->size, PAGE_READONLY);
> +}
> +
>  /*
>   * opal_export_attrs: creates a sysfs node for each property listed in
>   * the device-tree under /ibm,opal/firmware/exports/
> @@ -759,6 +768,7 @@ static void opal_export_attrs(void)
>                 attr->attr.name = kstrdup(prop->name, GFP_KERNEL);
>                 attr->attr.mode = 0400;
>                 attr->read = export_attr_read;
> +               attr->mmap = export_attr_mmap;

You are assuming that it's safe to allow the export to be mmap()ed
here and that's not always the case. e.g.

[16:56 oliveroh@localhost .../firmware/exports]$ lsprop
symbol_map       00000000 30125640 00000000 0003598d
hdat_map         00000000 31200000 00000000 00800000
phandle          100002e8 (268436200)
name             "exports"

The symbol_map export there does not start (or end) at a page
boundary. If you allow user programs to mmap() that export it will
make everything from 0x30120000 to 0x30160000 and the additional space
might contain internal firmware data structures that we'd rather not
allow userspace to access.You can protect against that by validating
the export starts and ends on a page boundary and only populating the
.mmap when it's safe to do so.

>                 attr->private = __va(vals[0]);
>                 attr->size = vals[1];
>
> --
> 2.20.1
>

Reply via email to