From: Rik van Riel <riel@redhat.com>
To: David Rientjes <rientjes@google.com>,
zhongjiang <zhongjiang@huawei.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>,
Andrew Morton <akpm@linux-foundation.org>,
arnd@arndb.de, hannes@cmpxchg.org, kirill@shutemov.name,
mgorman@techsingularity.net, hughd@google.com,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [RESENT PATCH] x86/mem: fix the offset overflow when read/write mem
Date: Wed, 03 May 2017 14:46:07 -0400 [thread overview]
Message-ID: <1493837167.20270.8.camel@redhat.com> (raw)
In-Reply-To: <alpine.DEB.2.10.1705021350510.116499@chino.kir.corp.google.com>
[-- Attachment #1: Type: text/plain, Size: 1243 bytes --]
On Tue, 2017-05-02 at 13:54 -0700, David Rientjes wrote:
> > diff --git a/drivers/char/mem.c b/drivers/char/mem.c
> > index 7e4a9d1..3a765e02 100644
> > --- a/drivers/char/mem.c
> > +++ b/drivers/char/mem.c
> > @@ -55,7 +55,7 @@ static inline int
> valid_phys_addr_range(phys_addr_t addr, size_t count)
> >
> > static inline int valid_mmap_phys_addr_range(unsigned long pfn,
> size_t size)
> > {
> > - return 1;
> > + return (pfn << PAGE_SHIFT) + size <= __pa(high_memory);
> > }
> > #endif
> >
>
> I suppose you are correct that there should be some sanity checking
> on the
> size used for the mmap().
My apologies for not responding earlier. It may
indeed make sense to have a sanity check here.
However, it is not as easy as simply checking the
end against __pa(high_memory). Some systems have
non-contiguous physical memory ranges, with gaps
of invalid addresses in-between.
You would have to make sure that both the beginning
and the end are valid, and that there are no gaps of
invalid pfns in the middle...
At that point, is the complexity so much that it no
longer makes sense to try to protect against root
crashing the system?
--
All rights reversed
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
next prev parent reply other threads:[~2017-05-03 18:46 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-27 11:49 zhongjiang
2017-05-02 1:47 ` zhong jiang
2017-05-02 20:54 ` David Rientjes
2017-05-03 6:42 ` zhong jiang
2017-05-03 18:46 ` Rik van Riel [this message]
2017-05-04 2:28 ` zhong jiang
2017-05-09 15:46 ` Rik van Riel
2017-05-10 2:14 ` zhong jiang
2017-05-10 2:15 ` Xishi Qiu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1493837167.20270.8.camel@redhat.com \
--to=riel@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bhelgaas@google.com \
--cc=dalias@libc.org \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=rientjes@google.com \
--cc=ysato@users.sourceforge.jp \
--cc=zhongjiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox