lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 25 Jun 2016 09:20:06 +0800
From:	"Chenjie (K)" <chenjie6@...wei.com>
To:	Michal Hocko <mhocko@...nel.org>
CC:	<linux-mm@...ck.org>, <akpm@...ux-foundation.org>,
	<linux-kernel@...r.kernel.org>, <David.Woodhouse@...el.com>,
	<zhihui.gao@...wei.com>, <panxuesong@...wei.com>,
	<akpm@...ux-foundation.org>
Subject: Re: [PATCH] memory:bugxfix panic on cat or write /dev/kmem



On 2016/6/23 20:42, Michal Hocko wrote:
> On Fri 24-06-16 01:30:10, chenjie6@...wei.com wrote:
>> From: chenjie <chenjie6@...wei.com>
>>
>> cat /dev/kmem and echo > /dev/kmem will lead panic
>
> Writing to /dev/kmem without being extremely careful is a disaster AFAIK
> and even reading from the file can lead to unexpected results. Anyway
> I am trying to understand what exactly you are trying to fix here. Why
> writing to/reading from zero pfn should be any special wrt. any other
> potentially dangerous addresses
>

cat /dev/mem not panic. cat /dev/kmem, just the user's operation for 
nothing.

>>
>> Signed-off-by: chenjie <chenjie6@...wei.com>
>> ---
>>   drivers/char/mem.c | 7 +++++++
>>   1 file changed, 7 insertions(+)
>>
>> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
>> index 71025c2..4bdde28 100644
>> --- a/drivers/char/mem.c
>> +++ b/drivers/char/mem.c
>> @@ -412,6 +412,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
>>   			 * by the kernel or data corruption may occur
>>   			 */
>>   			kbuf = xlate_dev_kmem_ptr((void *)p);
>> +			if (!kbuf)
>> +				return -EFAULT;
>>
>>   			if (copy_to_user(buf, kbuf, sz))
>>   				return -EFAULT;
>> @@ -482,6 +484,11 @@ static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
>>   		 * corruption may occur.
>>   		 */
>>   		ptr = xlate_dev_kmem_ptr((void *)p);
>> +		if (!ptr) {
>> +			if (written)
>> +				break;
>> +			return -EFAULT;
>> +		}
>>
>>   		copied = copy_from_user(ptr, buf, sz);
>>   		if (copied) {
>> --
>> 1.8.0
>>
>> --
>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>> the body to majordomo@...ck.org.  For more info on Linux MM,
>> see: http://www.linux-mm.org/ .
>> Don't email: <a href=mailto:"dont@...ck.org"> email@...ck.org </a>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ