lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 May 2007 09:10:25 -0400 From: Chris Mason <chris.mason@...cle.com> To: Nick Piggin <nickpiggin@...oo.com.au> Cc: David Woodhouse <dwmw2@...radead.org>, David Howells <dhowells@...hat.com>, David Chinner <dgc@....com>, lkml <linux-kernel@...r.kernel.org>, linux-mm <linux-mm@...ck.org>, linux-fsdevel <linux-fsdevel@...r.kernel.org> Subject: Re: [PATCH 1 of 2] block_page_mkwrite() Implementation V2 On Wed, May 16, 2007 at 11:04:11PM +1000, Nick Piggin wrote: > Chris Mason wrote: > >On Wed, May 16, 2007 at 08:09:19PM +0800, David Woodhouse wrote: > > > >>On Wed, 2007-05-16 at 11:19 +0100, David Howells wrote: > >> > >>>The start and end points passed to block_prepare_write() delimit the > >>>region of > >>>the page that is going to be modified. This means that prepare_write() > >>>doesn't need to fill it in if the page is not up to date. > >> > >>Really? Is it _really_ going to be modified? Even if the pointer > >>userspace gave to write() is bogus, and is going to fault half-way > >>through the copy_from_user()? > > > > > >This is why there are so many variations on copy_from_user that zero on > >faults. One way or another, the prepare_write/commit_write pair are > >responsible for filling it in. > > I'll add to David's question about David's comment on David's patch, yes > it will be modified but in that case it would be zero-filled as Chris > says. However I believe this is incorrect behaviour. > > It is possible to easily fix that so it would only happen via a tiny race > window (where the source memory gets unmapped at just the right time) > however nobody seemed to interested (just by checking the return value of > fault_in_pages_readable). > > The buffered write patches I'm working on fix that (among other things) of > course. But they do away with prepare_write and introduce new aops, and > they indeed must not expect the full range to have been written to. I was also wrong to say prepare_write and commit_write are responsible, they work together with their callers to make the right things happen. Oh well, so much for trying to give a short answer for a chunk of code full of corner cases ;) -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists