From: Cyril Hrubis <chrubis@suse.cz>
To: Jan Stancek <jstancek@redhat.com>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH] syscalls/statmount07: drop "invalid buffer size" test
Date: Tue, 15 Oct 2024 12:59:56 +0200
Message-ID: <Zw5LLGMX0R9qKfRM@yuki.lan>
In-Reply-To: <CAASaF6wY8AHH76YVf+UtJrcXtRL9d+UcR4rDf6S96EJiroPnKg@mail.gmail.com>

Hi!

> > > This check relies on access_ok() check, which can be skipped
> > > on some arches/configs, for example on s390x with
> > > CONFIG_ALTERNATE_USER_ADDRESS_SPACE=y. Test then fails with:
> > > statmount07.c:117: TFAIL: invalid buffer size succeeded
> >
> > And does it fail later on in the copy_to_user() if the buffer is
> > physically not accessible?
> >
> > We may add a test that would look like:
> >
> > | page mapped rw | page mapped read only |
> > ^
> > buf pointer starts here
> >
> > What do you think?
>
> we can add that, it would be a variation of "invalid buffer pointer" test

Looking at kernel __check_object_size() there seems to be a special case
for a NULL pointer in check_bogus_address(). The part that would check
if the page is writeable is done later. There are some checks in
check_heap_object() but I'm not 100% sure what these do. If I'm reading
it right it will abort the operation if the memory is not one continuous
vma, which is probably the case if we have two pages with different
access next to each other.

It may be interesting to go over the copy_to_user() code with someone
who understands mm and find a few cases to test.

--
Cyril Hrubis
chrubis@suse.cz
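
The buffer layout sketched in the quoted proposal (a read-write page followed by a read-only page, with the buffer starting near the end of the first), as an added example that is not part of the original message or of LTP. It uses the raw uname(2) syscall as a stand-in for statmount(2), an assumption made so that it runs on kernels without statmount; the helper name `uname_at_boundary()` is hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <unistd.h>

/*
 * Map two adjacent pages, make the second one read-only, and ask the kernel
 * to write a struct utsname starting `tail` bytes before the page boundary.
 * Returns 0 if the syscall succeeded, the errno value if it failed, or -1
 * if the mapping could not be set up.
 */
static int uname_at_boundary(size_t tail)
{
	long pagesz = sysconf(_SC_PAGESIZE);
	char *map = mmap(NULL, 2 * pagesz, PROT_READ | PROT_WRITE,
			 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	int ret;

	if (map == MAP_FAILED)
		return -1;
	if (mprotect(map + pagesz, pagesz, PROT_READ)) {
		munmap(map, 2 * pagesz);
		return -1;
	}

	/* Raw syscall: the kernel, not libc, is the only writer to the buffer. */
	errno = 0;
	ret = syscall(SYS_uname, map + pagesz - tail) ? errno : 0;

	munmap(map, 2 * pagesz);
	return ret;
}

int main(void)
{
	/* Control: the struct fits entirely inside the rw page. */
	printf("fits in rw page: %d\n",
	       uname_at_boundary(sizeof(struct utsname)));
	/* Only 16 bytes are writable, the rest lands in the read-only page. */
	printf("straddles pages: %d (EFAULT is %d)\n",
	       uname_at_boundary(16), EFAULT);
	return 0;
}
```

The control call matters: without it, an EFAULT from the straddling case could not be told apart from a broken mapping setup.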