| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090803091019.GC6016@cr0.nay.redhat.com> Date: Mon, 3 Aug 2009 17:10:19 +0800 From: Amerigo Wang <xiyou.wangcong@...il.com> To: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> Cc: Amerigo Wang <xiyou.wangcong@...il.com>, Mike Smith <scgtrp@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, bugzilla-daemon@...zilla.kernel.org, bugme-daemon@...zilla.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [BUGFIX][PATCH 1/3] fix vread/vwrite to be aware of memory hole On Fri, Jul 31, 2009 at 07:32:15PM +0900, KAMEZAWA Hiroyuki wrote: >Amerigo Wang さんは書きました: >> On Fri, Jul 31, 2009 at 04:11:28PM +0900, KAMEZAWA Hiroyuki wrote: >>>From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> >>> >>>vread/vwrite access vmalloc area without checking there is a page or not. >>> >>>In old ages, the caller of get_vm_ara() is only IOREMAP and there is no >>>memory hole within vm_struct's [addr...addr + size - PAGE_SIZE] >>>( -PAGE_SIZE is for a guard page.) >>> >>>After per-cpu-alloc patch, it uses get_vm_area() for reserve continuous >>>virtual address but remap _later_. There tend to be a hole in valid >>> vmalloc >>>area in vm_struct lists. >>>Then, skip the hole (not mapped page) is necessary. >>>This patch updates vread/vwrite() for avoiding memory hole. >>> >>>Routines which access vmalloc area without knowing for which addr is used >>>are >>> - /proc/kcore >>> - /dev/kmem >>> >>>kcore checks IOREMAP, /dev/kmem doesn't. After this patch, IOREMAP is >>>checked and /dev/kmem will avoid to read/write it. >>>Fixes to /proc/kcore will be in the next patch in series. >>> >>>And, this itself fixes the bug as >>># dd if=/dev/kmem of=/dev/null bs=1024 count=1048576 skip=3145728 >>>can cause panic. >> >> >> What panic? :-) Would you mind to put it here? >> >It directly reboot ;( and no log. >plz try. I tried it on an x86_64 machine, no panic, just: dd: reading `/dev/kmem': Bad address Only appears on i386? :) >>>- return buf - buf_start; >>>+ >>>+ if (buf == buf_start) >>>+ return 0; >>>+ /* zero-fill memory holes */ >>>+ if (buf != buf_start + buflen) >>>+ memset(buf, 0, buflen - (buf - buf_start)); >> >> >> Is this necessary? >> >I wrote "filled by zero" and thinks it's sane, then does this. >Now, /proc/kcore allocates memory by kzalloc(), this is redundant. >/dev/kmem doesn't do that. OK. >ouch.. > >Thank you for review. >I'm sorry that new version will not appear until next week. >I can't access x86-32 in the weekend. No problem, feel free to do it at any time that is convinient for you. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists