lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160623124257.GB30082@dhcp22.suse.cz>
Date:	Thu, 23 Jun 2016 14:42:58 +0200
From:	Michal Hocko <mhocko@...nel.org>
To:	chenjie6@...wei.com
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	David.Woodhouse@...el.com, zhihui.gao@...wei.com,
	panxuesong@...wei.com, akpm@...ux-foundation.org
Subject: Re: [PATCH] memory:bugxfix panic on cat or write /dev/kmem

On Fri 24-06-16 01:30:10, chenjie6@...wei.com wrote:
> From: chenjie <chenjie6@...wei.com>
> 
> cat /dev/kmem and echo > /dev/kmem will lead panic

Writing to /dev/kmem without being extremely careful is a disaster AFAIK
and even reading from the file can lead to unexpected results. Anyway
I am trying to understand what exactly you are trying to fix here. Why
writing to/reading from zero pfn should be any special wrt. any other
potentially dangerous addresses

> 
> Signed-off-by: chenjie <chenjie6@...wei.com>
> ---
>  drivers/char/mem.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
> index 71025c2..4bdde28 100644
> --- a/drivers/char/mem.c
> +++ b/drivers/char/mem.c
> @@ -412,6 +412,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
>  			 * by the kernel or data corruption may occur
>  			 */
>  			kbuf = xlate_dev_kmem_ptr((void *)p);
> +			if (!kbuf)
> +				return -EFAULT;
>  
>  			if (copy_to_user(buf, kbuf, sz))
>  				return -EFAULT;
> @@ -482,6 +484,11 @@ static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
>  		 * corruption may occur.
>  		 */
>  		ptr = xlate_dev_kmem_ptr((void *)p);
> +		if (!ptr) {
> +			if (written)
> +				break;
> +			return -EFAULT;
> +		}
>  
>  		copied = copy_from_user(ptr, buf, sz);
>  		if (copied) {
> -- 
> 1.8.0
> 
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@...ck.org.  For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@...ck.org"> email@...ck.org </a>

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ