lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 03 May 2017 14:46:07 -0400
From:   Rik van Riel <riel@...hat.com>
To:     David Rientjes <rientjes@...gle.com>,
        zhongjiang <zhongjiang@...wei.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Yoshinori Sato <ysato@...rs.sourceforge.jp>
Cc:     Rich Felker <dalias@...c.org>,
        Andrew Morton <akpm@...ux-foundation.org>, arnd@...db.de,
        hannes@...xchg.org, kirill@...temov.name,
        mgorman@...hsingularity.net, hughd@...gle.com, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [RESENT PATCH] x86/mem: fix the offset overflow when read/write
 mem

On Tue, 2017-05-02 at 13:54 -0700, David Rientjes wrote:

> > diff --git a/drivers/char/mem.c b/drivers/char/mem.c
> > index 7e4a9d1..3a765e02 100644
> > --- a/drivers/char/mem.c
> > +++ b/drivers/char/mem.c
> > @@ -55,7 +55,7 @@ static inline int
> valid_phys_addr_range(phys_addr_t addr, size_t count)
> >  
> >  static inline int valid_mmap_phys_addr_range(unsigned long pfn,
> size_t size)
> >  {
> > -     return 1;
> > +     return (pfn << PAGE_SHIFT) + size <= __pa(high_memory);
> >  }
> >  #endif
> >  
> 
> I suppose you are correct that there should be some sanity checking
> on the 
> size used for the mmap().

My apologies for not responding earlier. It may
indeed make sense to have a sanity check here.

However, it is not as easy as simply checking the
end against __pa(high_memory). Some systems have
non-contiguous physical memory ranges, with gaps
of invalid addresses in-between.

You would have to make sure that both the beginning
and the end are valid, and that there are no gaps of
invalid pfns in the middle...

At that point, is the complexity so much that it no
longer makes sense to try to protect against root
crashing the system?

-- 
All rights reversed
Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ