lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <54E5DECB.5020600@linaro.org>
Date:	Thu, 19 Feb 2015 13:02:03 +0000
From:	Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To:	Mark Brown <broonie@...nel.org>
CC:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 1/2] regmap: Add range check in _regmap_raw_read()



On 19/02/15 12:21, Mark Brown wrote:
> On Thu, Feb 19, 2015 at 11:04:39AM +0000, Srinivas Kandagatla wrote:
>> On 19/02/15 10:27, Mark Brown wrote:
>
>>> readability.  A cheaper check for just max_register would be less
>>> concerning but it feels like we're trying to paper over a symptom with
>>> this rather than fix a problem.
>
>> Yes, just checking max_register would solve the issue for me, I think I over
>> done the patch.. I will resend with just max_register check.
>
> I'm still not happy with that, it still seems like we're just papering
> over some other problem here which we should understand before we do
> anything else.  Why are we generating out of bounds accesses in the
> first place?

The culprit was in my test code, which I eventually fixed. However I 
would have expected regmap to do some out of bound check before it tries 
to access the register space.

If I try to do an out of bound access via regmap_read()/write() it 
throws up an error, which is not the same with regmap_bulk_read/write() 
apis.

I was lucky that I got a page fault as the register range was just at 
page boundary, but in cases where the range is not at page boundary, Its 
highly likely that it could silently corrupt other memory location( 
specially in write cases).



>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ