From: ebiederm@xmission.com (Eric W. Biederman)
To: linux-ia64@vger.kernel.org
Subject: Re: [RFC] prevent "dd if=/dev/mem" crash
Date: Sun, 19 Oct 2003 11:25:37 +0000 [thread overview]
Message-ID: <marc-linux-ia64-106656307124322@msgid-missing> (raw)
In-Reply-To: <marc-linux-ia64-106642876514553@msgid-missing>
Andrew Morton <akpm@osdl.org> writes:
> David Mosberger <davidm@napali.hpl.hp.com> wrote:
> >
> > >>>>> On Fri, 17 Oct 2003 16:55:43 -0700, Andrew Morton <akpm@osdl.org> said:
> >
> > >> If we really believe copy_*_user() must correctly handle *all* faults,
> > >> isn't the "p >= __pa(high_memory)" test superfluous?
> >
> > Andrew> This code was conceived before my time and I don't recall seeing much
>
> > Andrew> discussion, so this is all guesswork..
> >
> > Andrew> I'd say that the high_memory test _is_ superfluous and that
> > Andrew> if anyone cared, we would remove it and establish a
> > Andrew> temporary pte against the address if it was outside the
> > Andrew> direct-mapped area. But nobody cares enough to have done
> > Andrew> anything about it.
This can be useful for the case of > 4GB on a 32bit box. But for mmio
it is useless.
> > What about memory-mapped device registers? Isn't all memory
> > physically contiguous on x86 and that's why the "p >> > __pa(high_memory)" test saves you from that?
>
> We _want_ to be able to read mmio ranges via /dev/mem, don't we? I guess
> it has never come up because everyone uses kmem.
No.
sys_read/sys_write does not give you enough control to write a device driver
from user space if you want to access something other than RAM you need to
mmap /dev/mem and issue the appropriate read/write commands.
On ia64 you can send the variant that won't generate a machine check if it
fails. You can get the alignment right etc, etc.
And even if you can get the interface right from user space to make mmio
work through sys_read/sys_write it will still be slow and silly to use.
And since it is useless it will go unused and then regress in
strange peculiar unexpected ways.
We do have all of the information we need in struct page to see if a
page address is valid, so checking that is reasonable. I suspect it
will require some interesting variant of pfn_to_page to handle of the
weird sparse memory locations properly.
Of course it might just be reasonable to require knowing and
responsible use of /dev/mem. Whatever you are doing.
Eric
next prev parent reply other threads:[~2003-10-19 11:25 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-17 22:10 [RFC] prevent "dd if=/dev/mem" crash Bjorn Helgaas
2003-10-17 22:19 ` Luck, Tony
2003-10-17 22:23 ` Matt Mackall
2003-10-17 22:40 ` Andreas Schwab
2003-10-17 22:50 ` Andrew Morton
2003-10-17 23:25 ` Bjorn Helgaas
2003-10-17 23:55 ` Andrew Morton
2003-10-18 0:15 ` William Lee Irwin III
2003-10-18 0:21 ` David Mosberger
2003-10-18 0:49 ` Andrew Morton
2003-10-18 1:31 ` Matt Chapman
2003-10-18 1:41 ` Andrew Morton
2003-10-18 1:48 ` David Mosberger
2003-10-18 2:01 ` Andrew Morton
2003-10-18 2:01 ` Matt Chapman
2003-10-19 11:25 ` Eric W. Biederman [this message]
2003-10-19 18:17 ` Pavel Machek
2003-10-19 19:01 ` William Lee Irwin III
2003-10-20 15:17 ` Bjorn Helgaas
2003-10-20 17:42 ` Bjorn Helgaas
2003-10-20 18:48 ` David Mosberger
2003-10-23 8:33 ` Martin Pool
2003-10-23 9:31 ` Zoltan Menyhart
2003-10-23 21:05 ` Bjorn Helgaas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-linux-ia64-106656307124322@msgid-missing \
--to=ebiederm@xmission.com \
--cc=linux-ia64@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox