lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080307070147.GA9888@linux-os.sc.intel.com>
Date:	Thu, 6 Mar 2008 23:01:47 -0800
From:	Venki Pallipadi <venkatesh.pallipadi@...el.com>
To:	Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>
Cc:	arjan@...ux.intel.com, linux-kernel <linux-kernel@...r.kernel.org>
Subject: [PATCH] Add range_is_allowed() check to mmap of /dev/mem


Earlier patch that introduced CONFIG_NONPROMISC_DEVMEM, did the
range_is_allowed() check only for read and write. Add range_is_allowed()
check to mmap of /dev/mem as well.

Changes the paramaters of range_is_allowed() to pfn and size to handle
more than 32 bits of physical address on 32 bit arch cleanly.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@...el.com>

Index: linux-2.6.git/drivers/char/mem.c
===================================================================
--- linux-2.6.git.orig/drivers/char/mem.c	2008-03-03 15:29:50.000000000 -0800
+++ linux-2.6.git/drivers/char/mem.c	2008-03-03 15:55:46.000000000 -0800
@@ -109,24 +109,26 @@
 #endif
 
 #ifdef CONFIG_NONPROMISC_DEVMEM
-static inline int range_is_allowed(unsigned long from, unsigned long to)
+static inline int range_is_allowed(unsigned long pfn, unsigned long size)
 {
-	unsigned long cursor;
-
-	cursor = from >> PAGE_SHIFT;
-	while ((cursor << PAGE_SHIFT) < to) {
-		if (!devmem_is_allowed(cursor)) {
-			printk(KERN_INFO "Program %s tried to read /dev/mem "
-				"between %lx->%lx.\n",
+	u64 from = ((u64)pfn) << PAGE_SHIFT;
+	u64 to = from + size;
+	u64 cursor = from;
+
+	while (cursor < to) {
+		if (!devmem_is_allowed(pfn)) {
+			printk(KERN_INFO
+		"Program %s tried to access /dev/mem between %Lx->%Lx.\n",
 				current->comm, from, to);
 			return 0;
 		}
-		cursor++;
+		cursor += PAGE_SIZE;
+		pfn++;
 	}
 	return 1;
 }
 #else
-static inline int range_is_allowed(unsigned long from, unsigned long to)
+static inline int range_is_allowed(unsigned long pfn, unsigned long size)
 {
 	return 1;
 }
@@ -181,7 +183,7 @@
 		 */
 		ptr = xlate_dev_mem_ptr(p);
 
-		if (!range_is_allowed(p, p+count))
+		if (!range_is_allowed(p >> PAGE_SHIFT, count))
 			return -EPERM;
 		if (copy_to_user(buf, ptr, sz))
 			return -EFAULT;
@@ -240,7 +242,7 @@
 		 */
 		ptr = xlate_dev_mem_ptr(p);
 
-		if (!range_is_allowed(p, p+sz))
+		if (!range_is_allowed(p >> PAGE_SHIFT, sz))
 			return -EPERM;
 		copied = copy_from_user(ptr, buf, sz);
 		if (copied) {
@@ -309,6 +311,9 @@
 	if (!private_mapping_ok(vma))
 		return -ENOSYS;
 
+	if (!range_is_allowed(vma->vm_pgoff, size))
+		return -EPERM;
+
 	vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
 						 size,
 						 vma->vm_page_prot);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ