lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160531130821.GV19428@n2100.arm.linux.org.uk>
Date:	Tue, 31 May 2016 14:08:21 +0100
From:	Russell King - ARM Linux <linux@...linux.org.uk>
To:	Robin Murphy <robin.murphy@....com>
Cc:	arnd@...db.de, gregkh@...uxfoundation.org,
	wangkefeng.wang@...wei.com, linux-kernel@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] drivers: char: mem: Check {read,write}_kmem() addresses

On Tue, May 31, 2016 at 01:52:45PM +0100, Robin Murphy wrote:
> Arriving at read_kmem() with an offset representing a bogus kernel
> address (e.g. 0 from a simple "cat /dev/kmem") leads to copy_to_user
> faulting on the kernel-space read.
> 
> x86_64 happens to get away with this since the optimised implementation
> uses "rep movs*", thus the user write (which is allowed to fault) and
> the kernel read are the same instruction, the kernel-side fault falls
> into the userspace fixup handler and a chain of events transpires
> leading to returning the expected -EFAULT. On other architectures,
> though, the read is not covered by the fixup entry for the write, and we
> get a straightforward "Unable to hande kernel paging request..." dump.
> 
> The more typical use-case of mmap_kmem() already validates the address
> with pfn_valid() as one might expect, so let's make that consistent
> across {read,write}_kem() too.
> 
> Reported-by: Kefeng Wang <wangkefeng.wang@...wei.com>
> Signed-off-by: Robin Murphy <robin.murphy@....com>
> ---
> 
> I'm not sure if this warrants going to stable or not, as it's really
> just making an existing failure case more graceful and less confusing.

Returning -EFAULT because the kernel-side address (iow, file offset) is
invalid is not particularly nice:

NAME
       read - read from a file descriptor

ERRORS
       EFAULT buf is outside your accessible address space.

Latest POSIX has:

ENXIO
	A request was made of a nonexistent device, or the
	request was outside the capabilities of the device.

which to me looks like a better error code to return, as file offsets
which are not valid can be interpreted as being "outside the
capabilities of the device".  EFAULT has always on Linux meant that
the user passed an invalid userspace buffer.

-- 
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ