* goldfish driver: Missing get_user_pages in goldfish_pipe_read_write()
@ 2013-06-27 17:35 Mathieu Desnoyers
2013-06-27 17:46 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Mathieu Desnoyers @ 2013-06-27 17:35 UTC (permalink / raw)
To: David 'Digit' Turner, Xiaohui Xin, Yunhong Jiang,
Jun Nakajima, Tom Keel, Alan Cox, Greg Kroah-Hartman
Cc: linux-kernel
The following code snippet:
drivers/platform/goldfish/goldfish_pipe.c:
goldfish_pipe_read_write()
/* Ensure that the corresponding page is properly mapped */
/* FIXME: this isn't safe or sufficient - use get_user_pages */
if (is_write) {
char c;
/* Ensure that the page is mapped and readable */
if (__get_user(c, (char __user *)address)) {
if (!ret)
ret = -EFAULT;
break;
}
} else {
/* Ensure that the page is mapped and writable */
if (__put_user(0, (char __user *)address)) {
if (!ret)
ret = -EFAULT;
break;
}
}
Seems to lack the kind of validation required to make it fail properly
if the memory range is not fully populated.
I see that this feature has been merged in Linux kernel 3.9, but the
FIXME is still there in 3.10-rc7. Any plans on fixing this ?
Thanks,
Mathieu
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: goldfish driver: Missing get_user_pages in goldfish_pipe_read_write()
2013-06-27 17:35 goldfish driver: Missing get_user_pages in goldfish_pipe_read_write() Mathieu Desnoyers
@ 2013-06-27 17:46 ` Greg Kroah-Hartman
2013-06-27 18:03 ` Mathieu Desnoyers
0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2013-06-27 17:46 UTC (permalink / raw)
To: Mathieu Desnoyers
Cc: David 'Digit' Turner, Xiaohui Xin, Yunhong Jiang,
Jun Nakajima, Tom Keel, Alan Cox, linux-kernel
On Thu, Jun 27, 2013 at 01:35:32PM -0400, Mathieu Desnoyers wrote:
> The following code snippet:
>
> drivers/platform/goldfish/goldfish_pipe.c:
> goldfish_pipe_read_write()
>
> /* Ensure that the corresponding page is properly mapped */
> /* FIXME: this isn't safe or sufficient - use get_user_pages */
> if (is_write) {
> char c;
> /* Ensure that the page is mapped and readable */
> if (__get_user(c, (char __user *)address)) {
> if (!ret)
> ret = -EFAULT;
> break;
> }
> } else {
> /* Ensure that the page is mapped and writable */
> if (__put_user(0, (char __user *)address)) {
> if (!ret)
> ret = -EFAULT;
> break;
> }
> }
>
> Seems to lack the kind of validation required to make it fail properly
> if the memory range is not fully populated.
This is an emulated platform only, so it's probably not a big deal,
right?
> I see that this feature has been merged in Linux kernel 3.9, but the
> FIXME is still there in 3.10-rc7. Any plans on fixing this ?
It would be good to get fixed, but probably way down on the priority
list.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: goldfish driver: Missing get_user_pages in goldfish_pipe_read_write()
2013-06-27 17:46 ` Greg Kroah-Hartman
@ 2013-06-27 18:03 ` Mathieu Desnoyers
2013-06-27 18:14 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Mathieu Desnoyers @ 2013-06-27 18:03 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: David 'Digit' Turner, Xiaohui Xin, Yunhong Jiang,
Jun Nakajima, Tom Keel, Alan Cox, linux-kernel
* Greg Kroah-Hartman (gregkh@linuxfoundation.org) wrote:
> On Thu, Jun 27, 2013 at 01:35:32PM -0400, Mathieu Desnoyers wrote:
> > The following code snippet:
> >
> > drivers/platform/goldfish/goldfish_pipe.c:
> > goldfish_pipe_read_write()
> >
> > /* Ensure that the corresponding page is properly mapped */
> > /* FIXME: this isn't safe or sufficient - use get_user_pages */
> > if (is_write) {
> > char c;
> > /* Ensure that the page is mapped and readable */
> > if (__get_user(c, (char __user *)address)) {
> > if (!ret)
> > ret = -EFAULT;
> > break;
> > }
> > } else {
> > /* Ensure that the page is mapped and writable */
> > if (__put_user(0, (char __user *)address)) {
> > if (!ret)
> > ret = -EFAULT;
> > break;
> > }
> > }
> >
> > Seems to lack the kind of validation required to make it fail properly
> > if the memory range is not fully populated.
>
> This is an emulated platform only, so it's probably not a big deal,
> right?
You're probably right. As long as it is not configured and somehow still
accessible on a production device.
>
> > I see that this feature has been merged in Linux kernel 3.9, but the
> > FIXME is still there in 3.10-rc7. Any plans on fixing this ?
>
> It would be good to get fixed, but probably way down on the priority
> list.
Agreed,
Thanks,
Mathieu
>
> thanks,
>
> greg k-h
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: goldfish driver: Missing get_user_pages in goldfish_pipe_read_write()
2013-06-27 18:03 ` Mathieu Desnoyers
@ 2013-06-27 18:14 ` Greg Kroah-Hartman
2013-06-27 18:44 ` Mathieu Desnoyers
0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2013-06-27 18:14 UTC (permalink / raw)
To: Mathieu Desnoyers
Cc: David 'Digit' Turner, Xiaohui Xin, Yunhong Jiang,
Jun Nakajima, Tom Keel, Alan Cox, linux-kernel
On Thu, Jun 27, 2013 at 02:03:44PM -0400, Mathieu Desnoyers wrote:
> * Greg Kroah-Hartman (gregkh@linuxfoundation.org) wrote:
> > On Thu, Jun 27, 2013 at 01:35:32PM -0400, Mathieu Desnoyers wrote:
> > > The following code snippet:
> > >
> > > drivers/platform/goldfish/goldfish_pipe.c:
> > > goldfish_pipe_read_write()
> > >
> > > /* Ensure that the corresponding page is properly mapped */
> > > /* FIXME: this isn't safe or sufficient - use get_user_pages */
> > > if (is_write) {
> > > char c;
> > > /* Ensure that the page is mapped and readable */
> > > if (__get_user(c, (char __user *)address)) {
> > > if (!ret)
> > > ret = -EFAULT;
> > > break;
> > > }
> > > } else {
> > > /* Ensure that the page is mapped and writable */
> > > if (__put_user(0, (char __user *)address)) {
> > > if (!ret)
> > > ret = -EFAULT;
> > > break;
> > > }
> > > }
> > >
> > > Seems to lack the kind of validation required to make it fail properly
> > > if the memory range is not fully populated.
> >
> > This is an emulated platform only, so it's probably not a big deal,
> > right?
>
> You're probably right. As long as it is not configured and somehow still
> accessible on a production device.
There is no device that could ever be "production" for this emulated
hardware platform, unless a desktop system wants to "emulate" the
android userspace system somehow. Then it could be "real", but even
then, how would a user application get access to this codepath?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: goldfish driver: Missing get_user_pages in goldfish_pipe_read_write()
2013-06-27 18:14 ` Greg Kroah-Hartman
@ 2013-06-27 18:44 ` Mathieu Desnoyers
0 siblings, 0 replies; 5+ messages in thread
From: Mathieu Desnoyers @ 2013-06-27 18:44 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: David 'Digit' Turner, Xiaohui Xin, Yunhong Jiang,
Jun Nakajima, Tom Keel, Alan Cox, linux-kernel
* Greg Kroah-Hartman (gregkh@linuxfoundation.org) wrote:
> On Thu, Jun 27, 2013 at 02:03:44PM -0400, Mathieu Desnoyers wrote:
> > * Greg Kroah-Hartman (gregkh@linuxfoundation.org) wrote:
> > > On Thu, Jun 27, 2013 at 01:35:32PM -0400, Mathieu Desnoyers wrote:
> > > > The following code snippet:
> > > >
> > > > drivers/platform/goldfish/goldfish_pipe.c:
> > > > goldfish_pipe_read_write()
> > > >
> > > > /* Ensure that the corresponding page is properly mapped */
> > > > /* FIXME: this isn't safe or sufficient - use get_user_pages */
> > > > if (is_write) {
> > > > char c;
> > > > /* Ensure that the page is mapped and readable */
> > > > if (__get_user(c, (char __user *)address)) {
> > > > if (!ret)
> > > > ret = -EFAULT;
> > > > break;
> > > > }
> > > > } else {
> > > > /* Ensure that the page is mapped and writable */
> > > > if (__put_user(0, (char __user *)address)) {
> > > > if (!ret)
> > > > ret = -EFAULT;
> > > > break;
> > > > }
> > > > }
> > > >
> > > > Seems to lack the kind of validation required to make it fail properly
> > > > if the memory range is not fully populated.
> > >
> > > This is an emulated platform only, so it's probably not a big deal,
> > > right?
> >
> > You're probably right. As long as it is not configured and somehow still
> > accessible on a production device.
>
> There is no device that could ever be "production" for this emulated
> hardware platform, unless a desktop system wants to "emulate" the
> android userspace system somehow. Then it could be "real", but even
> then, how would a user application get access to this codepath?
I think it would depend on the user access rights given to
/dev/qemu_pipe. Assuming it would be only accessible by root, this would
minimize the risks even more.
Thanks,
Mathieu
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-06-27 18:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-27 17:35 goldfish driver: Missing get_user_pages in goldfish_pipe_read_write() Mathieu Desnoyers
2013-06-27 17:46 ` Greg Kroah-Hartman
2013-06-27 18:03 ` Mathieu Desnoyers
2013-06-27 18:14 ` Greg Kroah-Hartman
2013-06-27 18:44 ` Mathieu Desnoyers
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.