Emulation/switch-coreboot
1
0
Fork 0
mirror of https://github.com/fail0verflow/switch-coreboot.git synced 2025-05-04 01:39:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

UPSTREAM: util/cbmem: mmap underflow on low addresses

Browse source 
There is code to adjust the mapping down if a mmap fails
at a physical address. However, if the address is less
than the page size of the system then the physical offset will
underflow. This can actually cause a kernel panic on when
operating on /dev/mem.

The failing condition happens when the requested mapping at 0
fails in the kernel. The fallback path is taken and page size
is subtracted from 0 making a very large offset. The PAT code
in the kernel fails with a BUG_ON in reserve_memtype() checking
start >= end. The kernel needs to be fixed as well, but this
fallback path is wrong as well.

BUG=b:38211793

Change-Id: Idd5b22027633e5e1febd140336244f25a5304de4
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Original-Commit-Id: 7ad44eed08
Original-Change-Id: I32b0c15b2f1aa43fc57656d5d2d5f0e4e90e94ef
Original-Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-on: https://review.coreboot.org/19679
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Original-Reviewed-by: Philippe Mathieu-Daud <philippe.mathieu.daude@gmail.com>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Original-Reviewed-by: Furquan Shaikh <furquan@google.com>
Original-Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-on: https://chromium-review.googlesource.com/506197
Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
This commit is contained in:
Aaron Durbin 2017-05-12 09:55:16 -05:00 committed by chrome-bot
parent 100251bfaa
commit 12dac6c097
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
util/cbmem/cbmem.c
View file

@ -165,7 +165,9 @@ static void *map_memory_size(u64 physical, size_t size, uint8_t abort_on_failure
v = mmap(NULL, size, PROT_READ, MAP_SHARED, mem_fd, p);
if (v == MAP_FAILED) {
/* Only try growing down when address exceeds page size so that
one doesn't underflow the offset request. */
if (v == MAP_FAILED && p >= page) {
/* The mapped area may have overrun the upper cbmem boundary when trying to
* align to the page size. Try growing down instead of up...
*/