lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 4 Aug 2009 12:07:20 +0200
From:	Leon Woestenberg <leon.woestenberg@...il.com>
To:	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>
Cc:	Hugh Dickins <hugh.dickins@...cali.co.uk>,
	linux-kernel@...r.kernel.org
Subject: Re: get_user_pages() on an mmap()ed file allowed? What to do if 0 < 
	get_user_pages(..., nr_pages, ...) < nr_pages?

Hello,

On Tue, Aug 4, 2009 at 11:50 AM, KAMEZAWA
Hiroyuki<kamezawa.hiroyu@...fujitsu.com> wrote:
> On Tue, 4 Aug 2009 10:57:33 +0200
> Leon Woestenberg <leon.woestenberg@...il.com> wrote:
>
>
>> >> - what should a driver do when get_user_pages() returns less pages
>> >> than requested?
>> >
>> > Probably put_page the pages gotten then report the surprise;
>> > perhaps, before putting the pages gotten, try get_user_pages
>> > on the next alone, to see what error code is returned for that.
>> >
>> > Unless it's happy to work with fewer pages than requested,
>> > in which case work with them and ignore the surprise.
>> >
>> I expect a certain amount of data to be DMA'd from the PCI device to
>> the file mmap, so I'ld rather map the complete file before I start
>> DMA.
>>
> I wonder.... If your device does DMA from-PCI-to-user, then,
>
>  rc = get_user_pages(current, current->mm, start & PAGE_MASK,
> nr_pages, 0 /* do not write*/, 1 /* do force */, pages, NULL);
>
> This is *write* access. isn't it ? (contents of pages got by this call
> will be overwritten by DMA ?)
>
>From the header:

int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
unsigned long start,
int len, int write, int force, struct page **pages, struct
vm_area_struct **vmas);

So with write being 0, I think it is read access to user space pages.


The actual code looks like this:

        /* is the PCI device (DMA) writing to user space? */
        to_user = !dir_to_dev;

        ...

	/* to_user != 0 means read from device, write into user space buffer memory */
	rc = get_user_pages(current, current->mm, (unsigned long)start &
PAGE_MASK, nr_pages, to_user,



> About (rc != nr_pages) case, I doubt there are difference between
> mmap region (or size of file) and [start, start+count) passed to you device.
>
I will tripple check this.

My current test is rather static (fixed size files I read from, fixed
mmap length etc) and rc varies wildly. As I said, I will check what
get_user_pages() fails on internally.

I will probably cook up a patch with Brice's idea (storing the error
code in the page[i], where i = rc).

Regards,
-- 
Leon
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ