lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <525FAC8B02000078000FBAE8@nat28.tlf.novell.com>
Date:	Thu, 17 Oct 2013 08:23:23 +0100
From:	"Jan Beulich" <JBeulich@...e.com>
To:	"Andrew Morton" <akpm@...ux-foundation.org>
Cc:	<davem@...emloft.net>, <adobriyan@...il.com>,
	<d.hatayama@...fujitsu.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] fix proc_reg_get_unmapped_area()

>>> On 16.10.13 at 22:40, Andrew Morton <akpm@...ux-foundation.org> wrote:
> On Wed, 16 Oct 2013 12:32:40 +0100 "Jan Beulich" <JBeulich@...e.com> wrote:
> 
>> Commit c4fe24485729fc2cbff324c111e67a1cc2f9adea ("sparc: fix PCI device
>> proc file mmap(2)"), while fixing one problem, introduced two new ones:
>> - the function truncates the return value from ->get_unmapped_area() on
>>   64-bit architectures,
>> - _all_ descendants are now required to set .get_unmapped_area to non-
>>   NULL, which wasn't necessary before (and shouldn't be).
>> 
>> Both - afaict - are a result from a too simplistic copy'n'paste from
>> proc_reg_mmap() done in that change.
>> 
>> This likely also addresses reports like the one at
>> 
> http://linux-kernel.2935.n7.nabble.com/mmap-for-proc-vmcore-broken-since-3-12-rc1-td729 
> 326.html.
>> 
>> ...
>>
>> --- 3.12-rc5/fs/proc/inode.c
>> +++ 3.12-rc5-proc-get-unmapped-area/fs/proc/inode.c
>> @@ -288,12 +288,12 @@ static int proc_reg_mmap(struct file *fi
>>  static unsigned long proc_reg_get_unmapped_area(struct file *file, unsigned 
> long orig_addr, unsigned long len, unsigned long pgoff, unsigned long flags)
>>  {
>>  	struct proc_dir_entry *pde = PDE(file_inode(file));
>> -	int rv = -EIO;
>> -	unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned 
> long, unsigned long, unsigned long);
>> +	unsigned long rv = -EIO;
>> +
>>  	if (use_pde(pde)) {
>> -		get_unmapped_area = pde->proc_fops->get_unmapped_area;
>> -		if (get_unmapped_area)
>> -			rv = get_unmapped_area(file, orig_addr, len, pgoff, flags);
>> +		rv = (pde->proc_fops->get_unmapped_area
>> +		      ?: current->mm->get_unmapped_area)(file, orig_addr, len,
>> +							 pgoff, flags);
>>  		unuse_pde(pde);
>>  	}
>>  	return rv;
> 
> I think these two patches will address the problems:
> 
> http://ozlabs.org/~akpm/mmots/broken-out/procfs-fix-unintended-truncation-of-retur 
> ned-mapped-address.patch
> http://ozlabs.org/~akpm/mmots/broken-out/procfs-call-default-get_unmapped_area-on- 
> mmu-present-architectures.patch
> 
> I'll be sending those Linuswards today.  Please check them.  (I think
> your version would break the nommu build).

Yes indeed - I did search for existing patches, but didn't find them.
I see Linus merged them already, so there's no point anymore
sending Reviewed-by tags.

I think though that in the !MMU case the second of them leaves an
issue unfixed nevertheless: If the specific procfs handler has no
.get_unmapped_area, the operation would still fail in that case
rather than succeed as it did before that wrapper got added.)

Jan

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ