* [PATCH] Add range_is_allowed() check to mmap of /dev/mem
@ 2008-03-07 7:01 Venki Pallipadi
2008-03-07 8:37 ` Ingo Molnar
0 siblings, 1 reply; 2+ messages in thread
From: Venki Pallipadi @ 2008-03-07 7:01 UTC (permalink / raw)
To: Ingo Molnar, H. Peter Anvin, Thomas Gleixner; +Cc: arjan, linux-kernel
Earlier patch that introduced CONFIG_NONPROMISC_DEVMEM, did the
range_is_allowed() check only for read and write. Add range_is_allowed()
check to mmap of /dev/mem as well.
Changes the paramaters of range_is_allowed() to pfn and size to handle
more than 32 bits of physical address on 32 bit arch cleanly.
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Index: linux-2.6.git/drivers/char/mem.c
===================================================================
--- linux-2.6.git.orig/drivers/char/mem.c 2008-03-03 15:29:50.000000000 -0800
+++ linux-2.6.git/drivers/char/mem.c 2008-03-03 15:55:46.000000000 -0800
@@ -109,24 +109,26 @@
#endif
#ifdef CONFIG_NONPROMISC_DEVMEM
-static inline int range_is_allowed(unsigned long from, unsigned long to)
+static inline int range_is_allowed(unsigned long pfn, unsigned long size)
{
- unsigned long cursor;
-
- cursor = from >> PAGE_SHIFT;
- while ((cursor << PAGE_SHIFT) < to) {
- if (!devmem_is_allowed(cursor)) {
- printk(KERN_INFO "Program %s tried to read /dev/mem "
- "between %lx->%lx.\n",
+ u64 from = ((u64)pfn) << PAGE_SHIFT;
+ u64 to = from + size;
+ u64 cursor = from;
+
+ while (cursor < to) {
+ if (!devmem_is_allowed(pfn)) {
+ printk(KERN_INFO
+ "Program %s tried to access /dev/mem between %Lx->%Lx.\n",
current->comm, from, to);
return 0;
}
- cursor++;
+ cursor += PAGE_SIZE;
+ pfn++;
}
return 1;
}
#else
-static inline int range_is_allowed(unsigned long from, unsigned long to)
+static inline int range_is_allowed(unsigned long pfn, unsigned long size)
{
return 1;
}
@@ -181,7 +183,7 @@
*/
ptr = xlate_dev_mem_ptr(p);
- if (!range_is_allowed(p, p+count))
+ if (!range_is_allowed(p >> PAGE_SHIFT, count))
return -EPERM;
if (copy_to_user(buf, ptr, sz))
return -EFAULT;
@@ -240,7 +242,7 @@
*/
ptr = xlate_dev_mem_ptr(p);
- if (!range_is_allowed(p, p+sz))
+ if (!range_is_allowed(p >> PAGE_SHIFT, sz))
return -EPERM;
copied = copy_from_user(ptr, buf, sz);
if (copied) {
@@ -309,6 +311,9 @@
if (!private_mapping_ok(vma))
return -ENOSYS;
+ if (!range_is_allowed(vma->vm_pgoff, size))
+ return -EPERM;
+
vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
size,
vma->vm_page_prot);
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Add range_is_allowed() check to mmap of /dev/mem
2008-03-07 7:01 [PATCH] Add range_is_allowed() check to mmap of /dev/mem Venki Pallipadi
@ 2008-03-07 8:37 ` Ingo Molnar
0 siblings, 0 replies; 2+ messages in thread
From: Ingo Molnar @ 2008-03-07 8:37 UTC (permalink / raw)
To: Venki Pallipadi; +Cc: H. Peter Anvin, Thomas Gleixner, arjan, linux-kernel
* Venki Pallipadi <venkatesh.pallipadi@intel.com> wrote:
> Earlier patch that introduced CONFIG_NONPROMISC_DEVMEM, did the
> range_is_allowed() check only for read and write. Add
> range_is_allowed() check to mmap of /dev/mem as well.
>
> Changes the paramaters of range_is_allowed() to pfn and size to handle
> more than 32 bits of physical address on 32 bit arch cleanly.
thanks, applied.
Ingo
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-03-07 8:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-03-07 7:01 [PATCH] Add range_is_allowed() check to mmap of /dev/mem Venki Pallipadi
2008-03-07 8:37 ` Ingo Molnar
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.