lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 06 Sep 2010 06:49:41 +0200
From:	"zenek blus" <zenblu@...pl>
To:	linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Calling vm_ops->open from a driver / reusing vma memory with
 vm_ops in other drivers

Hello,
I have the following problem:

Driver A has a custom mmap() implementation and assigns own vm_ops to a 
created vma.
The process which called mmap() passes the resulting userspace address 
to another
driver, driver B.

Driver B would then like to increment usage count on that memory for a 
duration of
some operation, i.e. call vm_ops->open(). It can find_vma() for the 
userspace address
it was given and call vm_ops->open() on found vma. It can then call 
vm_ops->close()
when finished.

The problem here though is that the found vm_area_struct (and the 
userspace address
for that matter) might not be valid anymore by the time driver B wants 
to call close().
There can be three possibilities here:

a) vm_area_struct used for open() is still present and can be reused for 
close()
- that looks ok, but storing a pointer to that vma is risky, driver B 
has no way to
know whether the pointer is still valid.

b) some other vm_area_structs are still present, but driver B has no 
knowledge
about them - so it does not have anything to pass to close().

c) no vm_area_structs remain, but since we called open() before, driver 
A is still
waiting for driver B to call close(); driver B does not have anything to 
pass to
close() and there is nothing in the system that could be passed to it 
anyway.

I don't suppose copying aside the whoe vm_area_struct used for open() 
call and passing
it back to close() is a good idea. Is there any way to do this? Or maybe 
I have it all
wrong?

Thank you,
Zenek


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ