lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 2 Aug 2011 10:03:15 +0200
From:	Michal Hocko <mhocko@...e.cz>
To:	Venki Pallipadi <venki@...gle.com>
Cc:	x86@...nel.org, linux-kernel@...r.kernel.org,
	"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...e.hu>
Subject: Re: [PATCH resend] x86, PAT: honor CONFIG_STRICT_DEVMEM if pat is
 disabled

On Mon 01-08-11 16:33:18, Venki Pallipadi wrote:
> On Fri, Jul 22, 2011 at 2:01 AM, Michal Hocko <mhocko@...e.cz> wrote:
> >
> > since 0124cecf (x86, PAT: disable /dev/mem mmap RAM with PAT) we are
> > disabling access to the system RAM as if STRICT_DEVMEM was enabled by
> > default. If we, however, disable pat by nopat kernel parameter we can
> > access that memory without considering CONFIG_STRICT_DEVMEM.
> 
> Looking at the code, I don't think this problem exists. Code in pat.c
> disables /dev/mem mmap only when !CONFIG_STRICT_DEVMEM.

Ahh yes, you are right. I got confused by having two separate
range_is_allowed functions and didn't realize which one is called from
which context.
	mmap_mem
	  -> range_is_allowed [drivers/char/mem.c]
	       -EPERM
	  -> phys_mem_access_prot_allowed
	       -> range_is_allowed [arch/x86/mm/pat.c]

So we really get stopped at the first check and do not get to the later
one.

While we are at it. {read,write}_mem checks only range_is_allowed (mem.c
version) and it doesn't call phys_mem_access_prot_allowed so we do not
consider PAT. {read,write}_kmem doesn't check the range at all.
Is this correct?
Why do we care _only_ about mmap?

Thanks
-- 
Michal Hocko
SUSE Labs
SUSE LINUX s.r.o.
Lihovarska 1060/12
190 00 Praha 9    
Czech Republic
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ