NetBSD Problem Report #56364

From www@netbsd.org  Sun Aug 15 20:51:25 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id DB5631A921F
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 15 Aug 2021 20:51:24 +0000 (UTC)
Message-Id: <20210815205123.F16D21A9239@mollari.NetBSD.org>
Date: Sun, 15 Aug 2021 20:51:23 +0000 (UTC)
From: thorpej@me.com
Reply-To: thorpej@me.com
To: gnats-bugs@NetBSD.org
Subject: genfb uses device properties to pass around virtual / physical addresses
X-Send-Pr-Version: www-1.0

>Number:         56364
>Category:       kern
>Synopsis:       genfb uses device properties to pass around virtual / physical addresses
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 15 20:55:00 +0000 2021
>Originator:     Jason Thorpe
>Release:        9.99.82
>Organization:
RISCy Business
>Environment:
NetBSD the-ripe-vessel 9.99.82 NetBSD 9.99.82 (GENERIC) #0: Tue May 18 17:05:45 UTC 2021  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
genfb uses device properties to pass around physical and virtual addresses.  This is an abuse of the the properties facility.  Physical addresses may be acceptable (after all, some device trees natively store address resources as properties), but it is bad practice to store virtual addresses there, especially if running on a system with KASLR enabled.
>How-To-Repeat:
Code inspection.  Here is an example from amlogic/meson_genfb.c driver.  Other drivers are similar:

        prop_dictionary_set_uint32(cfg, "address", 0);
        prop_dictionary_set_uint32(cfg, "virtual_address",
            (uintptr_t)sc->sc_dmap);

>Fix:
Not provided.

Home	PR Database Search