lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 24 Feb 2015 17:55:24 +0900
From:	Mark Brown <broonie@...nel.org>
To:	Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 1/2] regmap: Add range check in _regmap_raw_read()

On Thu, Feb 19, 2015 at 01:02:03PM +0000, Srinivas Kandagatla wrote:

> The culprit was in my test code, which I eventually fixed. However I would
> have expected regmap to do some out of bound check before it tries to access
> the register space.

> If I try to do an out of bound access via regmap_read()/write() it throws up
> an error, which is not the same with regmap_bulk_read/write() apis.

> I was lucky that I got a page fault as the register range was just at page
> boundary, but in cases where the range is not at page boundary, Its highly
> likely that it could silently corrupt other memory location( specially in
> write cases).

The risk of page faults mostly only applies to memory mapped register
maps - most register maps are on other buses where things are a bit less
clear, we do often have writes to undocumented registers which aren't
included in the readability checks (indeed it's rare for anything to
actually give us writability information for the write side).  As
covered in earlier messages a part of this is a performance tradeoff,
it's potentially expensive for us to do the checks on bulk I/O but for
single register access it's much cheaper relative to the operation as a
whole.

It's particularly interesting for MMIO actually as these devices are by
far the most performance intensive, we don't have all the costs of the
bus to mask what regmap is doing.

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ