| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110722091151.GA4004@tiehlicka.suse.cz>
Date: Fri, 22 Jul 2011 11:11:51 +0200
From: Michal Hocko <mhocko@...e.cz>
To: Venki Pallipadi <venkatesh.pallipadi@...el.com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH] x86, PAT: honor CONFIG_STRICT_DEVMEM if pat is disable]
Hi,
I have just come across a strange behavior of /dev/[k]mem when PAT is
configured while STRICT_DEVMEM is disabled.
One would expect that /dev/kmem would allow to access also the
system RAM in that configuration but that is not obviously true as pat
code defines range_is_allowed to protect from accessing that memory.
AFAICS this behavior was introduced in 0124cecf (x86, PAT: disable
/dev/mem mmap RAM with PAT) which says that it disables [k]mem with PAT
because it is safer. There is no explanation why it allows to access
that memory if CONFIG_NONPROMISC_DEVMEM (CONFIG_STRICT_DEVMEM now).
The thing is even more complicated by the fact that the access is
allowed when nopat kernel parameter is specified because
range_is_allowed just does't call devmem_is_allowed in that case.
While I do agree that the feature is not safe in general we should honor
STRICT_DEVMEM setting in some way IMO.
What do you think about the following fix? I have tried to preserve
"disabled for PAT" by default behavior.
---
>From e905f034d860c52de306b410ef148d601eae9e7f Mon Sep 17 00:00:00 2001
From: Michal Hocko <mhocko@...e.cz>
Date: Fri, 22 Jul 2011 11:01:01 +0200
Subject: [PATCH] x86, PAT: honor CONFIG_STRICT_DEVMEM if pat is disable
since 0124cecf (x86, PAT: disable /dev/mem mmap RAM with PAT) we are
disabling access to the system RAM as if STRICT_DEVMEM was enabled by
default. If we, however, disable pat by nopat kernel parameter we can
access that memory without considering CONFIG_STRICT_DEVMEM.
Let's make the code to honor STRICT_DEVMEM while we still preserve
disabled by default behavior. This means that the access to the system
memory is granted only if nopat is provided and STRICT_DEVMEM is
disabled.
Signed-off-by: Michal Hocko <mhocko@...e.cz>
---
arch/x86/mm/pat.c | 10 ++--------
1 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index f6ff57b..fbaf3fc 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -472,13 +472,6 @@ pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
return vma_prot;
}
-#ifdef CONFIG_STRICT_DEVMEM
-/* This check is done in drivers/char/mem.c in case of STRICT_DEVMEM*/
-static inline int range_is_allowed(unsigned long pfn, unsigned long size)
-{
- return 1;
-}
-#else
/* This check is needed to avoid cache aliasing when PAT is enabled */
static inline int range_is_allowed(unsigned long pfn, unsigned long size)
{
@@ -486,8 +479,10 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
u64 to = from + size;
u64 cursor = from;
+#ifndef CONFIG_STRICT_DEVMEM
if (!pat_enabled)
return 1;
+#endif
while (cursor < to) {
if (!devmem_is_allowed(pfn)) {
@@ -501,7 +496,6 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
}
return 1;
}
-#endif /* CONFIG_STRICT_DEVMEM */
int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn,
unsigned long size, pgprot_t *vma_prot)
--
1.7.5.4
--
Michal Hocko
SUSE Labs
SUSE LINUX s.r.o.
Lihovarska 1060/12
190 00 Praha 9
Czech Republic
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists