[PATCH 11/22] spufs: avoid user-triggered oops in ptrace

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Arnd Bergmann <arnd@arndb.de>
To: cbe-oss-dev@ozlabs.org
Cc: linuxppc-dev@ozlabs.org, linux-kernel@vger.kernel.org,
	Paul Mackerras <paulus@samba.org>,
	Arnd Bergmann <arnd.bergmann@de.ibm.com>,
	Christoph Hellwig <chellwig@de.ibm.com>
Subject: [PATCH 11/22] spufs: avoid user-triggered oops in ptrace
Date: Mon, 20 Nov 2006 18:45:05 +0100	[thread overview]
Message-ID: <20061120180524.176650000@arndb.de> (raw)
In-Reply-To: 20061120174454.067872000@arndb.de

[-- Attachment #1: spufs-vm-io-mappings.diff --]
[-- Type: text/plain, Size: 2966 bytes --]

From: Christoph Hellwig <hch@infradead.org>
When one of the spufs files is mapped into a process address
space, regular users can use ptrace to attempt accessing
them with access_process_vm(). With the way that the
mappings currently work, this likely causes an oops.

Setting the vm_flags to VM_IO makes sure that ptrace can
not access them but returns an error code. This is not
the perfect solution in case of the local store mapping,
but it fixes the oops in a well-defined way.

Also remove leftover VM_RESERVED flags in spufs.  The
VM_RESERVED flag is on it's way out and not checked by
the memory managment code anymore.

Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Christoph Hellwig <chellwig@de.ibm.com>

---

Index: linux-2.6/arch/powerpc/platforms/cell/spufs/file.c
===================================================================
--- linux-2.6.orig/arch/powerpc/platforms/cell/spufs/file.c
+++ linux-2.6/arch/powerpc/platforms/cell/spufs/file.c
@@ -132,7 +132,7 @@ spufs_mem_mmap(struct file *file, struct
 	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
-	/* FIXME: */
+	vma->vm_flags |= VM_IO;
 	vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
 				     | _PAGE_NO_CACHE);
 
@@ -201,7 +201,7 @@ static int spufs_cntl_mmap(struct file *
 	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
-	vma->vm_flags |= VM_RESERVED;
+	vma->vm_flags |= VM_IO;
 	vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
 				     | _PAGE_NO_CACHE | _PAGE_GUARDED);
 
@@ -791,7 +791,7 @@ static int spufs_signal1_mmap(struct fil
 	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
-	vma->vm_flags |= VM_RESERVED;
+	vma->vm_flags |= VM_IO;
 	vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
 				     | _PAGE_NO_CACHE | _PAGE_GUARDED);
 
@@ -889,8 +889,7 @@ static int spufs_signal2_mmap(struct fil
 	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
-	/* FIXME: */
-	vma->vm_flags |= VM_RESERVED;
+	vma->vm_flags |= VM_IO;
 	vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
 				     | _PAGE_NO_CACHE | _PAGE_GUARDED);
 
@@ -973,7 +972,7 @@ static int spufs_mss_mmap(struct file *f
 	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
-	vma->vm_flags |= VM_RESERVED;
+	vma->vm_flags |= VM_IO;
 	vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
 				     | _PAGE_NO_CACHE | _PAGE_GUARDED);
 
@@ -1015,7 +1014,7 @@ static int spufs_psmap_mmap(struct file 
 	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
-	vma->vm_flags |= VM_RESERVED;
+	vma->vm_flags |= VM_IO;
 	vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
 				     | _PAGE_NO_CACHE | _PAGE_GUARDED);
 
@@ -1056,7 +1055,7 @@ static int spufs_mfc_mmap(struct file *f
 	if (!(vma->vm_flags & VM_SHARED))
 		return -EINVAL;
 
-	vma->vm_flags |= VM_RESERVED;
+	vma->vm_flags |= VM_IO;
 	vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
 				     | _PAGE_NO_CACHE | _PAGE_GUARDED);
 

--

next prev parent reply	other threads:[~2006-11-20 18:08 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-20 17:44 [PATCH 00/22] Cell patches for 2.6.20 Arnd Bergmann
2006-11-20 17:44 ` [PATCH 01/22] powerpc: convert idle_loop to use hard_irq_disable() Arnd Bergmann
2006-11-20 21:59   ` Paul Mackerras
2006-11-21  0:53   ` Benjamin Herrenschmidt
2006-11-21 10:14     ` Arnd Bergmann
2006-11-21 16:58       ` Olof Johansson
2006-11-20 17:44 ` [PATCH 02/22] powerpc: change ppc_rtas declaration to weak Arnd Bergmann
2006-11-20 17:44 ` [PATCH 03/22] spufs: Change %llx to 0x%llx Arnd Bergmann
2006-11-20 17:44 ` [PATCH 04/22] spufs: add /lslr, /dma_info and /proxydma files Arnd Bergmann
2006-11-20 17:44 ` [PATCH 05/22] spufs: Remove /spu_tag_mask file Arnd Bergmann
2006-11-20 17:45 ` [PATCH 06/22] spufs: implement /mbox_info, /ibox_info, and /wbox_info Arnd Bergmann
2006-11-20 17:45 ` [PATCH 07/22] spufs: read from signal files only if data is there Arnd Bergmann
2006-11-20 17:45 ` [PATCH 08/22] spufs: replace spu.nid with spu.node Arnd Bergmann
2006-11-20 17:45 ` [PATCH 09/22] spufs: return correct event for data storage interrupt Arnd Bergmann
2006-11-20 17:45 ` [PATCH 10/22] spufs: fix missing stop-and-signal Arnd Bergmann
2006-11-20 17:45 ` Arnd Bergmann [this message]
2006-11-20 17:45 ` [PATCH 12/22] spufs: always map local store non-guarded Arnd Bergmann
2006-11-20 17:45 ` [PATCH 13/22] spufs: fix return value of spufs_mfc_write Arnd Bergmann
2006-11-20 17:45 ` [PATCH 14/22] spufs: use SPU master control to prevent wild SPU execution Arnd Bergmann
2007-03-01  6:18   ` Michael Ellerman
2007-03-01 13:50     ` [Cbe-oss-dev] " Arnd Bergmann
2007-03-02 10:13       ` Michael Ellerman
2007-03-05  1:02         ` Arnd Bergmann
2007-03-07  8:58           ` Michael Ellerman
2006-11-20 17:45 ` [PATCH 15/22] spufs: Add runcntrl read accessors Arnd Bergmann
2006-11-20 17:45 ` [PATCH 16/22] spufs: load isolation kernel from spu_run Arnd Bergmann
2006-11-20 17:45 ` [PATCH 17/22] coredump: Add SPU elf notes to coredump Arnd Bergmann
2006-11-21  5:38   ` Michael Ellerman
2006-11-20 17:45 ` [PATCH 18/22] cell: add symbol exports for oprofile Arnd Bergmann
2006-11-20 17:45 ` [PATCH 19/22] cell: PMU register macros Arnd Bergmann
2006-11-20 17:45 ` [PATCH 20/22] cell: Move PMU-related stuff to include/asm-powerpc/cell-pmu.h Arnd Bergmann
2006-11-20 17:45 ` [PATCH 21/22] cell: add routines for managing PMU interrupts Arnd Bergmann
2006-11-20 17:45 ` [PATCH 22/22] cell: add oprofile support Arnd Bergmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20061120180524.176650000@arndb.de \
    --to=arnd@arndb.de \
    --cc=arnd.bergmann@de.ibm.com \
    --cc=cbe-oss-dev@ozlabs.org \
    --cc=chellwig@de.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@ozlabs.org \
    --cc=paulus@samba.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox