| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jul 2021 09:55:35 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Robin Murphy' <robin.murphy@....com>,
Catalin Marinas <catalin.marinas@....com>
CC: Chen Huang <chenhuang5@...wei.com>,
Al Viro <viro@...iv.linux.org.uk>,
Matthew Wilcox <willy@...radead.org>,
Christoph Hellwig <hch@...radead.org>,
Mark Rutland <mark.rutland@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
"Randy Dunlap" <rdunlap@...radead.org>,
Will Deacon <will@...nel.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
linux-mm <linux-mm@...ck.org>,
"open list" <linux-kernel@...r.kernel.org>
Subject: RE: [BUG] arm64: an infinite loop in generic_perform_write()
> > I think it's worth doing the copy_to_user() fallback in a loop until it
> > faults or hits the end of the buffer. This would solve the problem we
> > currently have with writing more bytes than actually reported. The
> > copy_from_user() is not necessary, a byte would suffice.
>
> The thing is, we don't really have that problem since the set_fs cleanup
> removed IMP-DEF STP behaviour from the picture - even with the current
> mess we could perfectly well know which of the two STTRs faulted if we
...
There is a much more interesting case though.
It is possible for userspace to have supplied a misaligned
buffer that is mmapped to an IO address that doesn't support
misaligned accesses even though normal memory does support them.
So the 'byte retry' loop would work for the entire buffer.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists