From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH master 2/7] sandbox: add_image: support mmaping block devices on 32-bit hosts
Date: Mon, 14 Sep 2020 12:05:48 +0200 [thread overview]
Message-ID: <20200914100553.24808-2-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20200914100553.24808-1-a.fatoum@pengutronix.de>
BLKGETSIZE64 writes 64-bit to the address pointed at by the ioctl argument.
As hf->size is a 32-bit size_t on 32-bit systems, on such systems,
the adjacent member might be corrupted. Fix this.
Fixes: 8d6da6462b12 ("sandbox: add_image: mmap block devices")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
arch/sandbox/board/dtb.c | 2 +-
arch/sandbox/board/hostfile.c | 1 +
arch/sandbox/dts/sandbox-state-example.dtsi | 2 +-
arch/sandbox/dts/skeleton.dtsi | 4 ++--
arch/sandbox/mach-sandbox/include/mach/hostfile.h | 2 +-
arch/sandbox/os/common.c | 10 +++++++---
6 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/arch/sandbox/board/dtb.c b/arch/sandbox/board/dtb.c
index 74ecbadf4217..d11bde0249bd 100644
--- a/arch/sandbox/board/dtb.c
+++ b/arch/sandbox/board/dtb.c
@@ -46,7 +46,7 @@ static int of_sandbox_init(void)
if (ret)
return ret;
- ret = of_property_write_u32(root, "#size-cells", 1);
+ ret = of_property_write_u32(root, "#size-cells", 2);
if (ret)
return ret;
}
diff --git a/arch/sandbox/board/hostfile.c b/arch/sandbox/board/hostfile.c
index 56023b4ad45d..07287fc0b4a1 100644
--- a/arch/sandbox/board/hostfile.c
+++ b/arch/sandbox/board/hostfile.c
@@ -134,6 +134,7 @@ static int of_hostfile_fixup(struct device_node *root, void *ctx)
uint32_t reg[] = {
hf->base >> 32,
hf->base,
+ hf->size >> 32,
hf->size
};
int ret;
diff --git a/arch/sandbox/dts/sandbox-state-example.dtsi b/arch/sandbox/dts/sandbox-state-example.dtsi
index fc17bd078899..98640f6677cf 100644
--- a/arch/sandbox/dts/sandbox-state-example.dtsi
+++ b/arch/sandbox/dts/sandbox-state-example.dtsi
@@ -6,7 +6,7 @@
disk {
compatible = "barebox,hostfile";
barebox,filename = "disk";
- reg = <0x0 0x0 0x100000>;
+ reg = <0x0 0x0 0x0 0x100000>;
partitions {
compatible = "fixed-partitions";
diff --git a/arch/sandbox/dts/skeleton.dtsi b/arch/sandbox/dts/skeleton.dtsi
index 38ead821bb42..8ba7663eb5c0 100644
--- a/arch/sandbox/dts/skeleton.dtsi
+++ b/arch/sandbox/dts/skeleton.dtsi
@@ -6,8 +6,8 @@
/ {
#address-cells = <2>;
- #size-cells = <1>;
+ #size-cells = <2>;
chosen { };
aliases { };
- memory { device_type = "memory"; reg = <0 0 0>; };
+ memory { device_type = "memory"; reg = <0 0 0 0>; };
};
diff --git a/arch/sandbox/mach-sandbox/include/mach/hostfile.h b/arch/sandbox/mach-sandbox/include/mach/hostfile.h
index 54f690be5f7f..e2f44c4f7b0c 100644
--- a/arch/sandbox/mach-sandbox/include/mach/hostfile.h
+++ b/arch/sandbox/mach-sandbox/include/mach/hostfile.h
@@ -4,7 +4,7 @@
struct hf_info {
int fd;
unsigned long long base;
- size_t size;
+ unsigned long long size;
const char *devname;
const char *filename;
};
diff --git a/arch/sandbox/os/common.c b/arch/sandbox/os/common.c
index 69fadb3b47a4..9f26f8fa6e9a 100644
--- a/arch/sandbox/os/common.c
+++ b/arch/sandbox/os/common.c
@@ -267,9 +267,13 @@ static int add_image(char *str, char *devname_template, int *devname_number)
goto err_out;
}
}
- hf->base = (unsigned long)mmap(NULL, hf->size,
- PROT_READ | (readonly ? 0 : PROT_WRITE),
- MAP_SHARED, fd, 0);
+ if (hf->size <= SIZE_MAX)
+ hf->base = (unsigned long)mmap(NULL, hf->size,
+ PROT_READ | (readonly ? 0 : PROT_WRITE),
+ MAP_SHARED, fd, 0);
+ else
+ printf("warning: %s: contiguous map failed\n", filename);
+
if (hf->base == (unsigned long)MAP_FAILED)
printf("warning: mmapping %s failed: %s\n", filename, strerror(errno));
--
2.28.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2020-09-14 10:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-14 10:05 [PATCH master 1/7] sandbox: hostfile: error out if file couldn't be opened Ahmad Fatoum
2020-09-14 10:05 ` Ahmad Fatoum [this message]
2020-09-14 10:05 ` [PATCH master 3/7] sandbox: support escaping commas in --image filenames Ahmad Fatoum
2020-09-14 13:42 ` Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 4/7] readkey: fix buffer overflow handling longer escape sequences Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 5/7] sandbox: fix SANDBOX_UNWIND dependency to be KASAN only Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 6/7] fs: don't free device in remove callback Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 7/7] common: ubsan: replace pr_err with printf Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200914100553.24808-2-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox