lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 4 Jan 2017 18:19:53 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Robin Murphy <robin.murphy@....com>
Cc:     Jason@...c4.com, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH] drivers: char: mem: Fix thinko in kmem address checks

On Wed, Jan 04, 2017 at 12:45:32PM +0100, Greg KH wrote:
> On Wed, Jan 04, 2017 at 11:37:49AM +0000, Robin Murphy wrote:
> > When borrowing the pfn_valid() check from mmap_kmem(), somebody managed
> 
> "sombody"?  :)
> 
> > to get physical and virtual addresses spectacularly muddled up, such
> > that we've ended up with checks for one being the other. Whilst this
> > does indeed prevent out-of-bounds accesses crashing, on most systems it
> > also prevents the more desirable use-case of working at all ever.
> > 
> > Check the *virtual* offset correctly for what it is.
> > 
> > Reported-by: Jason A. Donenfeld <Jason@...c4.com>
> > CC: stable@...r.kernel.org
> > Fixes: 148a1bc84398 ("drivers: char: mem: Check {read,write}_kmem() addresses")
> > Signed-off-by: Robin Murphy <robin.murphy@....com>
> > ---
> >  drivers/char/mem.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/char/mem.c b/drivers/char/mem.c
> > index 5bb1985ec484..bdc6a4018604 100644
> > --- a/drivers/char/mem.c
> > +++ b/drivers/char/mem.c
> > @@ -381,7 +381,7 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
> >  	char *kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
> >  	int err = 0;
> >  
> > -	if (!pfn_valid(PFN_DOWN(p)))
> > +	if (!virt_addr_valid(p))
> >  		return -EIO;
> >  
> >  	read = 0;
> > @@ -512,7 +512,7 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
> >  	char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
> >  	int err = 0;
> >  
> > -	if (!pfn_valid(PFN_DOWN(p)))
> > +	if (!virt_addr_valid(p))
> >  		return -EIO;
> >  
> >  	if (p < (unsigned long) high_memory) {
> 
> Jason, can you verify this fixes your test case?

Well, it fails kbuild testing, so can you try it again?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ