Re: sudo x86info -a => kernel BUG at mm/usercopy.c:78!

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Tommi Rantala <tommi.t.rantala@nokia.com>,
	Dave Jones <davej@codemonkey.org.uk>,
	Linux-MM <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Laura Abbott <labbott@redhat.com>, Ingo Molnar <mingo@kernel.org>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Mark Rutland <mark.rutland@arm.com>,
	Eric Biggers <ebiggers@google.com>
Subject: Re: sudo x86info -a => kernel BUG at mm/usercopy.c:78!
Date: Tue, 4 Apr 2017 15:59:54 -0700	[thread overview]
Message-ID: <CAGXu5jL3yC0ST--c6Ph7_tq95fqeWTCpw02690dEDYgUa_KgKA@mail.gmail.com> (raw)
In-Reply-To: <CA+55aFzSzemLt+GeynyavM7HzsOjGBrG=_S6XMFV=Xc1mn-UGA@mail.gmail.com>

On Tue, Apr 4, 2017 at 3:55 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Tue, Apr 4, 2017 at 3:37 PM, Kees Cook <keescook@chromium.org> wrote:
>>
>> For one of my systems, I see something like this:
>>
>> 00000000-00000fff : reserved
>> 00001000-0008efff : System RAM
>> 0008f000-0008ffff : reserved
>> 00090000-0009f7ff : System RAM
>> 0009f800-0009ffff : reserved
>
> That's fairly normal.
>
>> I note that there are two "System RAM" areas below 0x100000.
>
> Yes. Traditionally the area from about 4k to 640kB is RAM. With a
> random smattering of BIOS areas.
>
>>  * On x86, access has to be given to the first megabyte of ram because that area
>>  * contains BIOS code and data regions used by X and dosemu and similar apps.
>
> Rigth. Traditionally, dosemu did one big mmap of the 1MB area to just
> get all the BIOS data in one go.
>
>> This means that it allows reads into even System RAM below 0x100000,
>> but I think that's a mistake.
>
> What you think is a "mistake" is how /dev/mem has always worked.
>
> /dev/mem gave access to all the memory of the system. That's LITERALLY
> the whole point of it. There was no "BIOS area" or anything else. It
> was access to physical memory.
>
> We've added limits to it, but those limits came later, and they came
> with the caveat that lots of programs used /dev/mem in various ways.
>
> Nobody was crazy enough to read /dev/mem one byte at a time trying to
> follow BIOS tables. No, the traditional way was to just map (or read)
> large chunks of it, and then follow the tables in the result. The
> easiest way was to just do the whole low 1MB.
>
> There's no "mistake" here. The only thing that is mistaken is you
> thinking that we can redefine reality and change history.

I'm not trying to rewrite history. :) I'm try to understand the
requirements for how the 1MB area was used, which you've explained the
history of now. (Thank you!)

> I already explained what the likely fix is: make devmem_is_allowed()
> return a ternary value, so that those things that *do* read the BIOS
> area can just continue to do so, but they see zeroes for the parts
> that the kernel has taken over.

Sounds good to me. I'll go work on that.

-Kees

-- 
Kees Cook
Pixel Security

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

next prev parent reply	other threads:[~2017-04-04 22:59 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-30  6:44 Tommi Rantala
2017-03-30 16:45 ` Kees Cook
2017-03-30 17:20   ` Mark Rutland
2017-03-30 17:27   ` Laura Abbott
2017-03-30 17:37     ` Kees Cook
2017-03-30 17:44       ` Laura Abbott
2017-03-31  5:44         ` Tommi Rantala
2017-03-30 19:41   ` Dave Jones
2017-03-30 19:52     ` Kees Cook
2017-03-30 20:01       ` Dave Jones
2017-03-31  5:40         ` Tommi Rantala
2017-03-31  6:59           ` Tommi Rantala
2017-03-31 17:17       ` Dave Jones
2017-03-31 17:32         ` Kees Cook
2017-03-31 18:03           ` Dave Jones
2017-03-31 18:57             ` Andy Lutomirski
2017-03-31 18:26           ` Linus Torvalds
2017-03-31 19:32             ` Tommi Rantala
2017-04-04 22:37               ` Kees Cook
2017-04-04 22:55                 ` Linus Torvalds
2017-04-04 22:59                   ` Kees Cook [this message]
2017-04-05  0:22                   ` Linus Torvalds
2017-04-05 19:39                     ` Kees Cook
2017-03-31 23:58             ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGXu5jL3yC0ST--c6Ph7_tq95fqeWTCpw02690dEDYgUa_KgKA@mail.gmail.com \
    --to=keescook@chromium.org \
    --cc=davej@codemonkey.org.uk \
    --cc=ebiggers@google.com \
    --cc=jpoimboe@redhat.com \
    --cc=labbott@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mark.rutland@arm.com \
    --cc=mingo@kernel.org \
    --cc=tommi.t.rantala@nokia.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox