lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 May 2020 20:01:53 -0700 From: Kees Cook <keescook@...omium.org> To: Dan Williams <dan.j.williams@...el.com> Cc: gregkh@...uxfoundation.org, Arnd Bergmann <arnd@...db.de>, Ingo Molnar <mingo@...hat.com>, Matthew Wilcox <willy@...radead.org>, Russell King <linux@....linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH v4] /dev/mem: Revoke mappings when a driver claims the region On Thu, May 21, 2020 at 02:06:17PM -0700, Dan Williams wrote: > The typical usage of unmap_mapping_range() is part of > truncate_pagecache() to punch a hole in a file, but in this case the > implementation is only doing the "first half" of a hole punch. Namely it > is just evacuating current established mappings of the "hole", and it > relies on the fact that /dev/mem establishes mappings in terms of > absolute physical address offsets. Once existing mmap users are > invalidated they can attempt to re-establish the mapping, or attempt to > continue issuing read(2) / write(2) to the invalidated extent, but they > will then be subject to the CONFIG_IO_STRICT_DEVMEM checking that can > block those subsequent accesses. Nice! Reviewed-by: Kees Cook <keescook@...omium.org> And a thread hijack... ;) I think this is very close to providing a way to solve another issue I've had with /dev/mem, which is to zero the view of the first 1MB of /dev/mem via mmap. I only fixed the read/write accesses: a4866aa81251 ("mm: Tighten x86 /dev/mem with zeroing reads") I.e. the low 1MB range should be considered allowed, but any reads will see zeros. > + unmap_mapping_range(inode->i_mapping, res->start, resource_size(res), 1); Is unmap_mapping_range() sufficient for this? Would it need to happen once during open_port() or something more special during mmap_mem()? -- Kees Cook
Powered by blists - more mailing lists