Message-ID: <590A91DF.8030004@huawei.com>
Date: Thu, 4 May 2017 10:28:47 +0800
From: zhong jiang <zhongjiang@...wei.com>
To: Rik van Riel <riel@...hat.com>
CC: David Rientjes <rientjes@...gle.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Yoshinori Sato <ysato@...rs.sourceforge.jp>,
Rich Felker <dalias@...c.org>,
Andrew Morton <akpm@...ux-foundation.org>, <arnd@...db.de>,
<hannes@...xchg.org>, <kirill@...temov.name>,
<mgorman@...hsingularity.net>, <hughd@...gle.com>,
<linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
Xishi Qiu <qiuxishi@...wei.com>
Subject: Re: [RESENT PATCH] x86/mem: fix the offset overflow when read/write mem
On 2017/5/4 2:46, Rik van Riel wrote:
> On Tue, 2017-05-02 at 13:54 -0700, David Rientjes wrote:
>
>>> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
>>> index 7e4a9d1..3a765e02 100644
>>> --- a/drivers/char/mem.c
>>> +++ b/drivers/char/mem.c
>>> @@ -55,7 +55,7 @@ static inline int
>> valid_phys_addr_range(phys_addr_t addr, size_t count)
>>>
>>> static inline int valid_mmap_phys_addr_range(unsigned long pfn,
>> size_t size)
>>> {
>>> - return 1;
>>> + return (pfn << PAGE_SHIFT) + size <= __pa(high_memory);
>>> }
>>> #endif
>>>
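Review bot: the new return expression in valid_mmap_phys_addr_range() can wrap before the comparison is made. pfn is an unsigned long, so pfn << PAGE_SHIFT drops the high bits of a large pfn, and adding size can overflow again, which lets an out-of-range request evaluate as <= __pa(high_memory). Suggest bounding pfn in page units first, or widening to phys_addr_t before the shift and rejecting the request when the computed end is smaller than the start. A one-line comment saying what the __pa(high_memory) bound is meant to cover would also help.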
>> I suppose you are correct that there should be some sanity checking on the
>> size used for the mmap().
> My apologies for not responding earlier. It may
> indeed make sense to have a sanity check here.
>
> However, it is not as easy as simply checking the
> end against __pa(high_memory). Some systems have
> non-contiguous physical memory ranges, with gaps
> of invalid addresses in-between.
An invalid physical address means that it is used as I/O mapped, not in
the system RAM region. /dev/mem does not have access to them, is that right?
> You would have to make sure that both the beginning
> and the end are valid, and that there are no gaps of
> invalid pfns in the middle...
If it is limited to system RAM, we can walk the resource
to exclude them, or add pfn_valid to optimize further.
Whether other situations should be considered, I am not sure.
> At that point, is the complexity so much that it no
> longer makes sense to try to protect against root
> crashing the system?
>
Your suggestion is to leave the issue alone without any protection.
Root users just know what they are doing.
Thanks
zhongjiang
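
The two conditions discussed in this thread (the arithmetic must not wrap, and the range must not cross a non-RAM hole) are shown here as an added userspace C model, which is not part of the patch or of the kernel. `naive_check`, `range_in_ram`, the RAM map and `HIGH_MEMORY_PA` are constructed for illustration, and 4 KiB pages are assumed.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                    /* assumed 4 KiB pages */
#define HIGH_MEMORY_PA 0x80000000ULL     /* constructed stand-in for __pa(high_memory) */

/* Constructed RAM map, sorted, half-open [start, end); holes are non-RAM. */
struct ram_range { uint64_t start, end; };
static const struct ram_range ram_map[] = {
    { 0x00000000ULL, 0x0009f000ULL },
    { 0x00100000ULL, 0x80000000ULL },
};
#define NR_RANGES (sizeof(ram_map) / sizeof(ram_map[0]))

/* Model of the check in the quoted hunk: shift and addition can both wrap. */
int naive_check(uint64_t pfn, uint64_t size)
{
    return (pfn << PAGE_SHIFT) + size <= HIGH_MEMORY_PA;
}

/* Hypothetical helper: 1 only if [pfn << PAGE_SHIFT, +size) is all RAM. */
int range_in_ram(uint64_t pfn, uint64_t size)
{
    uint64_t start, end, pos;
    size_t i;
    if (size == 0 || pfn > (UINT64_MAX >> PAGE_SHIFT))
        return 0;                        /* shift would drop high bits */
    start = pfn << PAGE_SHIFT;
    if (size > UINT64_MAX - start)
        return 0;                        /* start + size would wrap */
    end = start + size;
    for (pos = start, i = 0; i < NR_RANGES; i++) {
        if (ram_map[i].end <= pos)
            continue;                    /* range lies below the cursor */
        if (ram_map[i].start > pos)
            return 0;                    /* hole before the next RAM range */
        pos = ram_map[i].end;            /* contiguous RAM up to here */
        if (pos >= end)
            return 1;
    }
    return 0;                            /* ran past the last RAM range */
}

int main(void)
{
    printf("in RAM:    naive=%d walk=%d\n", naive_check(0x100, 0x1000), range_in_ram(0x100, 0x1000));
    printf("spans gap: naive=%d walk=%d\n", naive_check(0x9e, 0x2000), range_in_ram(0x9e, 0x2000));
    printf("wraps:     naive=%d walk=%d\n", naive_check(1ULL << 52, 0x1000), range_in_ram(1ULL << 52, 0x1000));
    return 0;
}
```

The second and third cases pass the single end-address comparison but are rejected once the range is checked for wrap and walked against the RAM map.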