From: Bjorn Helgaas <bjorn.helgaas@hp.com>
To: linux-ia64@vger.kernel.org
Subject: Re: [RFC] prevent "dd if=/dev/mem" crash
Date: Mon, 20 Oct 2003 17:42:26 +0000 [thread overview]
Message-ID: <marc-linux-ia64-106667188118697@msgid-missing> (raw)
In-Reply-To: <marc-linux-ia64-106642876514553@msgid-missing>
On Friday 17 October 2003 5:55 pm, Andrew Morton wrote:
> Still, the code you have is quite reasonable. But please structure it
> thusly:
> ...
Here's a patch structured that way.
> As for return values: if the requested read or write starts at a
> not-present address it should probably return -EFAULT. This is what ia32
> will do. Arguably this is indistinguishable from a bad address on the
> userspace side and we should return -EINVAL but whatever.
I made it return -EFAULT. I worry a little bit because ia32
returned 0 (short read) when (addr >= high_memory) before,
but I don't have a strong opinion one way or the other.
=== drivers/char/mem.c 1.44 vs edited ==--- 1.44/drivers/char/mem.c Sun Sep 21 15:50:34 2003
+++ edited/drivers/char/mem.c Mon Oct 20 10:43:08 2003
@@ -79,6 +79,22 @@
#endif
}
+#ifndef ARCH_HAS_VALID_PHYS_ADDR_RANGE
+static inline int valid_phys_addr_range(unsigned long addr, size_t *count)
+{
+ unsigned long end_mem;
+
+ end_mem = __pa(high_memory);
+ if (addr >= end_mem)
+ return 0;
+
+ if (*count > end_mem - addr)
+ *count = end_mem - addr;
+
+ return 1;
+}
+#endif
+
static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp,
const char * buf, size_t count, loff_t *ppos)
{
@@ -113,14 +129,10 @@
size_t count, loff_t *ppos)
{
unsigned long p = *ppos;
- unsigned long end_mem;
ssize_t read;
- end_mem = __pa(high_memory);
- if (p >= end_mem)
- return 0;
- if (count > end_mem - p)
- count = end_mem - p;
+ if (!valid_phys_addr_range(p, &count))
+ return -EFAULT;
read = 0;
#if defined(__sparc__) || (defined(__mc68000__) && defined(CONFIG_MMU))
/* we don't have page 0 mapped on sparc and m68k.. */
@@ -149,13 +161,9 @@
size_t count, loff_t *ppos)
{
unsigned long p = *ppos;
- unsigned long end_mem;
- end_mem = __pa(high_memory);
- if (p >= end_mem)
- return 0;
- if (count > end_mem - p)
- count = end_mem - p;
+ if (!valid_phys_addr_range(p, &count))
+ return -EFAULT;
return do_write_mem(file, __va(p), p, buf, count, ppos);
}
next prev parent reply other threads:[~2003-10-20 17:42 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-17 22:10 [RFC] prevent "dd if=/dev/mem" crash Bjorn Helgaas
2003-10-17 22:19 ` Luck, Tony
2003-10-17 22:23 ` Matt Mackall
2003-10-17 22:40 ` Andreas Schwab
2003-10-17 22:50 ` Andrew Morton
2003-10-17 23:25 ` Bjorn Helgaas
2003-10-17 23:55 ` Andrew Morton
2003-10-18 0:15 ` William Lee Irwin III
2003-10-18 0:21 ` David Mosberger
2003-10-18 0:49 ` Andrew Morton
2003-10-18 1:31 ` Matt Chapman
2003-10-18 1:41 ` Andrew Morton
2003-10-18 1:48 ` David Mosberger
2003-10-18 2:01 ` Andrew Morton
2003-10-18 2:01 ` Matt Chapman
2003-10-19 11:25 ` Eric W. Biederman
2003-10-19 18:17 ` Pavel Machek
2003-10-19 19:01 ` William Lee Irwin III
2003-10-20 15:17 ` Bjorn Helgaas
2003-10-20 17:42 ` Bjorn Helgaas [this message]
2003-10-20 18:48 ` David Mosberger
2003-10-23 8:33 ` Martin Pool
2003-10-23 9:31 ` Zoltan Menyhart
2003-10-23 21:05 ` Bjorn Helgaas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-linux-ia64-106667188118697@msgid-missing \
--to=bjorn.helgaas@hp.com \
--cc=linux-ia64@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox