mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-16 02:14:58 +00:00
PM: hibernate: Don't ignore return from set_memory_ro()
set_memory_ro() and set_memory_rw() can fail, leaving memory unprotected. Take the returned value into account and abort in case of failure. Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
This commit is contained in:
parent
3fec6e5961
commit
f4311756a8
@ -153,7 +153,7 @@ extern unsigned int snapshot_additional_pages(struct zone *zone);
|
||||
extern unsigned long snapshot_get_image_size(void);
|
||||
extern int snapshot_read_next(struct snapshot_handle *handle);
|
||||
extern int snapshot_write_next(struct snapshot_handle *handle);
|
||||
extern void snapshot_write_finalize(struct snapshot_handle *handle);
|
||||
int snapshot_write_finalize(struct snapshot_handle *handle);
|
||||
extern int snapshot_image_loaded(struct snapshot_handle *handle);
|
||||
|
||||
extern bool hibernate_acquire(void);
|
||||
|
@ -58,22 +58,24 @@ static inline void hibernate_restore_protection_end(void)
|
||||
hibernate_restore_protection_active = false;
|
||||
}
|
||||
|
||||
static inline void hibernate_restore_protect_page(void *page_address)
|
||||
static inline int __must_check hibernate_restore_protect_page(void *page_address)
|
||||
{
|
||||
if (hibernate_restore_protection_active)
|
||||
set_memory_ro((unsigned long)page_address, 1);
|
||||
return set_memory_ro((unsigned long)page_address, 1);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline void hibernate_restore_unprotect_page(void *page_address)
|
||||
static inline int hibernate_restore_unprotect_page(void *page_address)
|
||||
{
|
||||
if (hibernate_restore_protection_active)
|
||||
set_memory_rw((unsigned long)page_address, 1);
|
||||
return set_memory_rw((unsigned long)page_address, 1);
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
static inline void hibernate_restore_protection_begin(void) {}
|
||||
static inline void hibernate_restore_protection_end(void) {}
|
||||
static inline void hibernate_restore_protect_page(void *page_address) {}
|
||||
static inline void hibernate_restore_unprotect_page(void *page_address) {}
|
||||
static inline int __must_check hibernate_restore_protect_page(void *page_address) {return 0; }
|
||||
static inline int hibernate_restore_unprotect_page(void *page_address) {return 0; }
|
||||
#endif /* CONFIG_STRICT_KERNEL_RWX && CONFIG_ARCH_HAS_SET_MEMORY */
|
||||
|
||||
|
||||
@ -2832,7 +2834,9 @@ next:
|
||||
}
|
||||
} else {
|
||||
copy_last_highmem_page();
|
||||
hibernate_restore_protect_page(handle->buffer);
|
||||
error = hibernate_restore_protect_page(handle->buffer);
|
||||
if (error)
|
||||
return error;
|
||||
handle->buffer = get_buffer(&orig_bm, &ca);
|
||||
if (IS_ERR(handle->buffer))
|
||||
return PTR_ERR(handle->buffer);
|
||||
@ -2858,15 +2862,18 @@ next:
|
||||
* stored in highmem. Additionally, it recycles bitmap memory that's not
|
||||
* necessary any more.
|
||||
*/
|
||||
void snapshot_write_finalize(struct snapshot_handle *handle)
|
||||
int snapshot_write_finalize(struct snapshot_handle *handle)
|
||||
{
|
||||
int error;
|
||||
|
||||
copy_last_highmem_page();
|
||||
hibernate_restore_protect_page(handle->buffer);
|
||||
error = hibernate_restore_protect_page(handle->buffer);
|
||||
/* Do that only if we have loaded the image entirely */
|
||||
if (handle->cur > 1 && handle->cur > nr_meta_pages + nr_copy_pages + nr_zero_pages) {
|
||||
memory_bm_recycle(&orig_bm);
|
||||
free_highmem_data();
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
int snapshot_image_loaded(struct snapshot_handle *handle)
|
||||
|
@ -1134,8 +1134,8 @@ static int load_image(struct swap_map_handle *handle,
|
||||
ret = err2;
|
||||
if (!ret) {
|
||||
pr_info("Image loading done\n");
|
||||
snapshot_write_finalize(snapshot);
|
||||
if (!snapshot_image_loaded(snapshot))
|
||||
ret = snapshot_write_finalize(snapshot);
|
||||
if (!ret && !snapshot_image_loaded(snapshot))
|
||||
ret = -ENODATA;
|
||||
}
|
||||
swsusp_show_speed(start, stop, nr_to_read, "Read");
|
||||
@ -1486,8 +1486,8 @@ out_finish:
|
||||
stop = ktime_get();
|
||||
if (!ret) {
|
||||
pr_info("Image loading done\n");
|
||||
snapshot_write_finalize(snapshot);
|
||||
if (!snapshot_image_loaded(snapshot))
|
||||
ret = snapshot_write_finalize(snapshot);
|
||||
if (!ret && !snapshot_image_loaded(snapshot))
|
||||
ret = -ENODATA;
|
||||
if (!ret) {
|
||||
if (swsusp_header->flags & SF_CRC32_MODE) {
|
||||
|
@ -317,7 +317,9 @@ static long snapshot_ioctl(struct file *filp, unsigned int cmd,
|
||||
break;
|
||||
|
||||
case SNAPSHOT_ATOMIC_RESTORE:
|
||||
snapshot_write_finalize(&data->handle);
|
||||
error = snapshot_write_finalize(&data->handle);
|
||||
if (error)
|
||||
break;
|
||||
if (data->mode != O_WRONLY || !data->frozen ||
|
||||
!snapshot_image_loaded(&data->handle)) {
|
||||
error = -EPERM;
|
||||
|
Loading…
x
Reference in New Issue
Block a user