Re: [RESENT PATCH] x86/mem: fix the offset overflow when read/write mem

All of lore.kernel.org
 help / color / mirror / Atom feed

From: zhong jiang <zhongjiang@huawei.com>
To: Rik van Riel <riel@redhat.com>
Cc: David Rientjes <rientjes@google.com>,
	Bjorn Helgaas <bhelgaas@google.com>,
	Yoshinori Sato <ysato@users.sourceforge.jp>,
	Rich Felker <dalias@libc.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	arnd@arndb.de, hannes@cmpxchg.org, kirill@shutemov.name,
	mgorman@techsingularity.net, hughd@google.com,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Xishi Qiu <qiuxishi@huawei.com>
Subject: Re: [RESENT PATCH] x86/mem: fix the offset overflow when read/write mem
Date: Thu, 4 May 2017 10:28:47 +0800	[thread overview]
Message-ID: <590A91DF.8030004@huawei.com> (raw)
In-Reply-To: <1493837167.20270.8.camel@redhat.com>

On 2017/5/4 2:46, Rik van Riel wrote:
> On Tue, 2017-05-02 at 13:54 -0700, David Rientjes wrote:
>
>>> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
>>> index 7e4a9d1..3a765e02 100644
>>> --- a/drivers/char/mem.c
>>> +++ b/drivers/char/mem.c
>>> @@ -55,7 +55,7 @@ static inline int
>> valid_phys_addr_range(phys_addr_t addr, size_t count)
>>>   
>>>   static inline int valid_mmap_phys_addr_range(unsigned long pfn,
>> size_t size)
>>>   {
>>> -     return 1;
>>> +     return (pfn << PAGE_SHIFT) + size <= __pa(high_memory);
>>>   }
>>>   #endif
>>>   
>> I suppose you are correct that there should be some sanity checking
>> on the 
>> size used for the mmap().
> My apologies for not responding earlier. It may
> indeed make sense to have a sanity check here.
>
> However, it is not as easy as simply checking the
> end against __pa(high_memory). Some systems have
> non-contiguous physical memory ranges, with gaps
> of invalid addresses in-between.
 The invalid physical address means that it is used as
 io mapped. not in system ram region. /dev/mem is not
 access to them , is it right?
> You would have to make sure that both the beginning
> and the end are valid, and that there are no gaps of
> invalid pfns in the middle...
 If it is limited in system ram, we can walk the resource
 to exclude them. or adding pfn_valid further to optimize.
 whether other situation should be consider ? I am not sure.
> At that point, is the complexity so much that it no
> longer makes sense to try to protect against root
> crashing the system?
>
 your suggestion is to let the issue along without any protection.
 just root user know what they are doing.
 
 Thanks
 zhongjiang

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

WARNING: multiple messages have this Message-ID (diff)

From: zhong jiang <zhongjiang@huawei.com>
To: Rik van Riel <riel@redhat.com>
Cc: David Rientjes <rientjes@google.com>,
	Bjorn Helgaas <bhelgaas@google.com>,
	Yoshinori Sato <ysato@users.sourceforge.jp>,
	Rich Felker <dalias@libc.org>,
	Andrew Morton <akpm@linux-foundation.org>, <arnd@arndb.de>,
	<hannes@cmpxchg.org>, <kirill@shutemov.name>,
	<mgorman@techsingularity.net>, <hughd@google.com>,
	<linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
	Xishi Qiu <qiuxishi@huawei.com>
Subject: Re: [RESENT PATCH] x86/mem: fix the offset overflow when read/write mem
Date: Thu, 4 May 2017 10:28:47 +0800	[thread overview]
Message-ID: <590A91DF.8030004@huawei.com> (raw)
In-Reply-To: <1493837167.20270.8.camel@redhat.com>

On 2017/5/4 2:46, Rik van Riel wrote:
> On Tue, 2017-05-02 at 13:54 -0700, David Rientjes wrote:
>
>>> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
>>> index 7e4a9d1..3a765e02 100644
>>> --- a/drivers/char/mem.c
>>> +++ b/drivers/char/mem.c
>>> @@ -55,7 +55,7 @@ static inline int
>> valid_phys_addr_range(phys_addr_t addr, size_t count)
>>>   
>>>   static inline int valid_mmap_phys_addr_range(unsigned long pfn,
>> size_t size)
>>>   {
>>> -     return 1;
>>> +     return (pfn << PAGE_SHIFT) + size <= __pa(high_memory);
>>>   }
>>>   #endif
>>>   
>> I suppose you are correct that there should be some sanity checking
>> on the 
>> size used for the mmap().
> My apologies for not responding earlier. It may
> indeed make sense to have a sanity check here.
>
> However, it is not as easy as simply checking the
> end against __pa(high_memory). Some systems have
> non-contiguous physical memory ranges, with gaps
> of invalid addresses in-between.
 The invalid physical address means that it is used as
 io mapped. not in system ram region. /dev/mem is not
 access to them , is it right?
> You would have to make sure that both the beginning
> and the end are valid, and that there are no gaps of
> invalid pfns in the middle...
 If it is limited in system ram, we can walk the resource
 to exclude them. or adding pfn_valid further to optimize.
 whether other situation should be consider ? I am not sure.
> At that point, is the complexity so much that it no
> longer makes sense to try to protect against root
> crashing the system?
>
 your suggestion is to let the issue along without any protection.
 just root user know what they are doing.
 
 Thanks
 zhongjiang

next prev parent reply	other threads:[~2017-05-04  2:31 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-27 11:49 [RESENT PATCH] x86/mem: fix the offset overflow when read/write mem zhongjiang
2017-04-27 11:49 ` zhongjiang
2017-05-02  1:47 ` zhong jiang
2017-05-02  1:47   ` zhong jiang
2017-05-02 20:54 ` David Rientjes
2017-05-02 20:54   ` David Rientjes
2017-05-03  6:42   ` zhong jiang
2017-05-03  6:42     ` zhong jiang
2017-05-03 18:46   ` Rik van Riel
2017-05-04  2:28     ` zhong jiang [this message]
2017-05-04  2:28       ` zhong jiang
2017-05-09 15:46       ` Rik van Riel
2017-05-10  2:14         ` zhong jiang
2017-05-10  2:14           ` zhong jiang
2017-05-10  2:15         ` Xishi Qiu
2017-05-10  2:15           ` Xishi Qiu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=590A91DF.8030004@huawei.com \
    --to=zhongjiang@huawei.com \
    --cc=akpm@linux-foundation.org \
    --cc=arnd@arndb.de \
    --cc=bhelgaas@google.com \
    --cc=dalias@libc.org \
    --cc=hannes@cmpxchg.org \
    --cc=hughd@google.com \
    --cc=kirill@shutemov.name \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mgorman@techsingularity.net \
    --cc=qiuxishi@huawei.com \
    --cc=riel@redhat.com \
    --cc=rientjes@google.com \
    --cc=ysato@users.sourceforge.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.