| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YNRpYli/5/GWvaTT@casper.infradead.org>
Date: Thu, 24 Jun 2021 12:15:46 +0100
From: Matthew Wilcox <willy@...radead.org>
To: Christoph Hellwig <hch@...radead.org>
Cc: Chen Huang <chenhuang5@...wei.com>,
Mark Rutland <mark.rutland@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Al Viro <viro@...iv.linux.org.uk>,
Randy Dunlap <rdunlap@...radead.org>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
linux-mm <linux-mm@...ck.org>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] arm64: an infinite loop in generic_perform_write()
On Thu, Jun 24, 2021 at 08:04:07AM +0100, Christoph Hellwig wrote:
> On Thu, Jun 24, 2021 at 04:24:46AM +0100, Matthew Wilcox wrote:
> > On Thu, Jun 24, 2021 at 11:10:41AM +0800, Chen Huang wrote:
> > > In userspace, I perform such operation:
> > >
> > > fd = open("/tmp/test", O_RDWR | O_SYNC);
> > > access_address = (char *)mmap(NULL, uio_size, PROT_READ, MAP_SHARED, uio_fd, 0);
> > > ret = write(fd, access_address + 2, sizeof(long));
> >
> > ... you know that accessing this at unaligned offsets isn't going to
> > work. It's completely meaningless. Why are you trying to do it?
>
> We still should not cause an infinite loop in kernel space due to a
> a userspace programmer error.
They're running as root and they've mapped some device memory. We can't
save them from themself. Imagine if they'd done this to the NVMe BAR.
Powered by blists - more mailing lists