lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+55aFyQ=iSMnLAywumYpGBOBiqxL2qO9u9OsTF=RFfYBnz10g@mail.gmail.com>
Date:	Tue, 3 Jun 2014 08:32:50 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Greg KH <gregkh@...uxfoundation.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Arnd Bergmann <arnd@...db.de>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] char/misc driver patches for 3.16-rc1

On Mon, Jun 2, 2014 at 10:44 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
>
> Bin Wang (1):
>       uio: fix vma io range check in mmap

Greg, this is BS.

If the UIO memory size is smaller than a page, we cannot mmap it
safely, because the mmap will map random memory *after* the memory
area too. This is not like a regular file mapping where the kernel can
just zero-pad up to the end of the page.

We had this bug before (and even worse - it would mmap unaligned IO
structures too, so now the actual mapped address didn't actually
correspond to the returned user mapping address at all), and we fixed
them. See

  7314e613d5ff Fix a few incorrectly checked [io_]remap_pfn_range() calls
  b65502879556 uio: we cannot mmap unaligned page contents

so now you've re-introduced part of the problem, and marked it for stable too.

The commit log shows nothing useful. It basically just says "let's
reintroduce this bug" without even giving an excuse why that would be
a good idea.

And it really _isn't_ a good idea. At least you didn't remove the
alignment check, but the thing is, if a resource is less than a page
in size, it's quite possibly also unaligned, so the fix doesn't even
*fix* anything, except by pure luck. The fact is, memory-mapping
device areas smaller than one page is simply a bad bad idea.

Don't do this shit.

                      Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ