From: Keith Owens <kaos@ocs.com.au>
To: "Maciej W. Rozycki" <macro@ds2.pg.gda.pl>
Cc: Ralf Baechle <ralf@uni-koblenz.de>,
linux-mips@fnet.fr, linux-mips@oss.sgi.com
Subject: Re: [patch] linux 2.4.5: __dbe_table iteration #2
Date: Fri, 24 Aug 2001 09:11:09 +1000 [thread overview]
Message-ID: <17182.998608269@ocs3.ocs-net> (raw)
In-Reply-To: Your message of "Thu, 23 Aug 2001 18:52:45 +0200." <Pine.GSO.3.96.1010823164555.21718C-100000@delta.ds2.pg.gda.pl>
On Thu, 23 Aug 2001 18:52:45 +0200 (MET DST),
"Maciej W. Rozycki" <macro@ds2.pg.gda.pl> wrote:
>On Thu, 23 Aug 2001, Keith Owens wrote:
>> The definition of struct archdata in kernel and modutils can be
>> different, a new kernel layout with an old modutils is legal but fatal
>> unless you code for it. The correct test for archdata is
>>
>> if (!mod_member_present(mp, archdata_start) ||
>> (mp->archdata_end - mp->archdata_start) <=
>> offsetof(struct archdata, dbe_table_end))
>> continue;
> Hmm, your suggested code checks if the passed struct is long enough for
>dbe_table_start only -- what about dbe_table_end? The following code:
If archdata_end-archdata_start <= offsetof(dbe_table_end) then archdata
is too small to contain the first byte of dbe_table_end, skip the
archdata. If archdata is large enough to contain the first byte of
dbe_table_end, assume that it contains all of dbe_table_end.
>While modutils as released won't ever pass a smaller
>struct, someone may modify them or use another program to invoke
>init_module(), so we need to protect the kernel against bogus data.
You have to be root to call init_module() or run insmod, root can do a
lot more damage than passing an invalid structure size. This type of
test is not to catch malicious code, it is to detect that the user is
running an old modutils with a smaller archdata than the kernel can
handle.
You are correct that modutils as released will never pass a smaller
archdata struct for mips so strictly speaking this test is superfluous.
However this type of code gets cut and pasted so I want size checking
on all archdata, when it is copied the developer has to think about
changing the test instead of forgetting to add a test.
Your suggested code works just as well but is less readable. Go with
either.
>> The rest of the code looks OK, except it needs a global change of
>> arch_init_module: to module_arch_init: to match the macro name.
>
> OK, I'll do it. It should have been done for ia64 in the first place.
>Or should it be changed into "<arch>_init_module" to match functions' real
>names?
Leave it as module_arch_init, it tells us how the code was called.
>> Do you have the corresponding modutils patch or shall I do it?
>
> I've send it to you separately just after the kernel patch. Should I
>resend it?
No thanks, I found it.
WARNING: multiple messages have this Message-ID (diff)
From: Keith Owens <kaos@ocs.com.au>
To: "Maciej W. Rozycki" <macro@ds2.pg.gda.pl>
Cc: Ralf Baechle <ralf@uni-koblenz.de>,
linux-mips@fnet.fr, linux-mips@oss.sgi.com
Subject: Re: [patch] linux 2.4.5: __dbe_table iteration #2
Date: 24 Aug 2001 10:49:31 -0500 [thread overview]
Message-ID: <17182.998608269@ocs3.ocs-net> (raw)
Message-ID: <20010824154931.LdK3fuB1tljRipLyoUSQ_r2ppvyBXpo8gZ4frU1KOr8@z> (raw)
In-Reply-To: Your message of "Thu, 23 Aug 2001 18:52:45 +0200." <Pine.GSO.3.96.1010823164555.21718C-100000@delta.ds2.pg.gda.pl>
On Thu, 23 Aug 2001 18:52:45 +0200 (MET DST),
"Maciej W. Rozycki" <macro@ds2.pg.gda.pl> wrote:
>On Thu, 23 Aug 2001, Keith Owens wrote:
>> The definition of struct archdata in kernel and modutils can be
>> different, a new kernel layout with an old modutils is legal but fatal
>> unless you code for it. The correct test for archdata is
>>
>> if (!mod_member_present(mp, archdata_start) ||
>> (mp->archdata_end - mp->archdata_start) <=
>> offsetof(struct archdata, dbe_table_end))
>> continue;
> Hmm, your suggested code checks if the passed struct is long enough for
>dbe_table_start only -- what about dbe_table_end? The following code:
If archdata_end-archdata_start <= offsetof(dbe_table_end) then archdata
is too small to contain the first byte of dbe_table_end, skip the
archdata. If archdata is large enough to contain the first byte of
dbe_table_end, assume that it contains all of dbe_table_end.
>While modutils as released won't ever pass a smaller
>struct, someone may modify them or use another program to invoke
>init_module(), so we need to protect the kernel against bogus data.
You have to be root to call init_module() or run insmod, root can do a
lot more damage than passing an invalid structure size. This type of
test is not to catch malicious code, it is to detect that the user is
running an old modutils with a smaller archdata than the kernel can
handle.
You are correct that modutils as released will never pass a smaller
archdata struct for mips so strictly speaking this test is superfluous.
However this type of code gets cut and pasted so I want size checking
on all archdata, when it is copied the developer has to think about
changing the test instead of forgetting to add a test.
Your suggested code works just as well but is less readable. Go with
either.
>> The rest of the code looks OK, except it needs a global change of
>> arch_init_module: to module_arch_init: to match the macro name.
>
> OK, I'll do it. It should have been done for ia64 in the first place.
>Or should it be changed into "<arch>_init_module" to match functions' real
>names?
Leave it as module_arch_init, it tells us how the code was called.
>> Do you have the corresponding modutils patch or shall I do it?
>
> I've send it to you separately just after the kernel patch. Should I
>resend it?
No thanks, I found it.
next prev parent reply other threads:[~2001-08-23 23:11 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-13 13:38 [patch] linux 2.4.5: Make __dbe_table available to modules Maciej W. Rozycki
2001-08-13 15:50 ` Ralf Baechle
2001-08-13 16:24 ` Maciej W. Rozycki
2001-08-13 18:11 ` Gleb O. Raiko
2001-08-14 17:34 ` Maciej W. Rozycki
2001-08-23 11:23 ` Gleb O. Raiko
2001-08-23 15:46 ` Maciej W. Rozycki
2001-08-23 20:11 ` bus error by write transaction (RE: [patch] linux 2.4.5: Make __dbe_table available to modules) Hiroo Hayashi
2001-08-23 20:11 ` Hiroo Hayashi
2001-08-24 16:18 ` Maciej W. Rozycki
2001-08-27 16:49 ` Hiroo Hayashi
2001-08-27 16:49 ` Hiroo Hayashi
2001-08-20 13:57 ` [patch] linux 2.4.5: __dbe_table iteration #2 Maciej W. Rozycki
2001-08-23 1:49 ` Keith Owens
2001-08-23 16:52 ` Maciej W. Rozycki
2001-08-23 23:11 ` Keith Owens [this message]
2001-08-24 15:44 ` Maciej W. Rozycki
2001-08-27 3:09 ` Keith Owens
2001-08-27 6:20 ` Ralf Baechle
2001-08-24 15:49 ` Keith Owens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=17182.998608269@ocs3.ocs-net \
--to=kaos@ocs.com.au \
--cc=linux-mips@fnet.fr \
--cc=linux-mips@oss.sgi.com \
--cc=macro@ds2.pg.gda.pl \
--cc=ralf@uni-koblenz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox