From: "David S. Miller" <davem@davemloft.net>
To: Andi Kleen <ak@suse.de>
Cc: akpm@osdl.org, torvalds@osdl.org, dwmw2@infradead.org,
linux-arch@vger.kernel.org, mingo@elte.hu
Subject: Re: [patch 19/24] TASK_SIZE is variable.
Date: Sat, 5 Feb 2005 15:27:52 -0800 [thread overview]
Message-ID: <20050205152752.671e7a72.davem@davemloft.net> (raw)
In-Reply-To: <20050205074025.GA23814@wotan.suse.de>
On Sat, 5 Feb 2005 08:40:25 +0100
Andi Kleen <ak@suse.de> wrote:
> I wouldn't combine it with set_fs like Linus proposed though, because
> that could lead to mistakes in set_fs(KERNEL_DS)
That's a good point.
However, from another perspective it does make some sense.
I only know of a cpu type or two that really provide strong
address space protection for accidental supervisor mode accesses
to user space. I know sparc64 provides this for sure, and I
think parisc has something similar as well.
Andi is very familiar with this, because some compat layer
code written and tested on x86_64 fails on sparc64 because the
latter disallows the following:
extern int sys_foo(const char __user *buf, unsigned long __user *ret_val);
int compat_sys_foo(compat_uptr_t u_buf, compat_uptr_t u_ret_val)
{
const char __user *buf = compat_ptr(u_buf);
unsigned long k_val;
mm_segment_t old_fs = get_fs();
int err;
set_fs(KERNEL_DS);
err = sys_foo(buf, (unsigned long __user *) &k_val);
...
This does not fault on x86_64, but it does on platforms like sparc64.
Even though it doesn't fault on x86_64, it's a security hole because it
allows the user to pass in kernel addresses, and such kernel addresses
will just work since we're in KERNEL_DS.
If set_fs() updated some mm->max_addr thing, access_ok() and friends
would trap things like this in software even on x86_64. Therefore,
I think if anything it's a very good bug check.
next prev parent reply other threads:[~2005-02-05 23:27 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200502050150.j151osl11380@mail.osdl.org>
2005-02-05 2:16 ` [patch 19/24] TASK_SIZE is variable Linus Torvalds
2005-02-05 3:29 ` Linus Torvalds
2005-02-05 5:52 ` David S. Miller
2005-02-07 10:59 ` David Howells
2005-02-07 19:30 ` David S. Miller
2005-02-08 9:05 ` Martin Schwidefsky
2005-02-08 19:09 ` David S. Miller
2005-02-05 9:06 ` Russell King
2005-02-05 23:44 ` David S. Miller
2005-02-06 10:50 ` Andi Kleen
2005-02-06 21:19 ` David S. Miller
2005-02-06 21:31 ` Andi Kleen
2005-02-06 21:31 ` David S. Miller
2005-02-06 21:50 ` Andi Kleen
2005-02-06 22:25 ` David S. Miller
2005-02-06 22:31 ` David S. Miller
2005-02-07 8:11 ` Andi Kleen
2005-02-07 19:28 ` David S. Miller
2005-02-07 20:15 ` Andi Kleen
2005-02-07 20:13 ` David S. Miller
2005-02-05 6:54 ` Andi Kleen
2005-02-05 7:18 ` Andrew Morton
2005-02-05 7:40 ` Andi Kleen
2005-02-05 23:27 ` David S. Miller [this message]
2005-02-06 10:38 ` Andi Kleen
2005-02-06 13:05 ` Matthew Wilcox
2005-02-05 23:15 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050205152752.671e7a72.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=dwmw2@infradead.org \
--cc=linux-arch@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox