From: Kees Cook <keescook@chromium.org>
To: Robin Murphy <robin.murphy@arm.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, Stephen Boyd <swboyd@chromium.org>,
iommu@lists.linux-foundation.org,
Semmle Security Reports <security-reports@semmle.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
Jesper Dangaard Brouer <brouer@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Laura Abbott <labbott@redhat.com>, Christoph Hellwig <hch@lst.de>,
Allison Randal <allison@lohutok.net>
Subject: Re: [PATCH] dma-mapping: Lift address space checks out of debug code
Date: Fri, 4 Oct 2019 13:25:55 -0700 [thread overview]
Message-ID: <201910041323.F082AA4B19@keescook> (raw)
In-Reply-To: <91192af8-dc96-eeb9-42ab-01473cf2b7c0@arm.com>
On Fri, Oct 04, 2019 at 07:50:54PM +0100, Robin Murphy wrote:
> On 03/10/2019 22:38, Kees Cook wrote:
> > What do you think about the object_is_on_stack() check? That does a
> > dereference through "current" to find the stack bounds...
>
> I guess it depends what the aim is - is it just to bail out of operations
> which have near-zero chance of working correctly and every chance of going
> catastrophically wrong, or to lay down strict argument checking for the API
> in general? (for cache-coherent devices, or if the caller is careful to
> ensure the appropriate alignment, DMA from a non-virtually-mapped stack can
> be *technically* fine, it's just banned in general because those necessary
> assumptions can be tricky to meet and aren't at all portable).
Okay, then since the vmap check is both the cheapest and the most
important to catch in the face of breaking everything, I'll move that
in and we can keep USB's other checks separately.
--
Kees Cook
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2019-10-04 20:25 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-02 20:46 [PATCH] dma-mapping: Lift address space checks out of debug code Kees Cook
2019-10-02 21:15 ` Robin Murphy
2019-10-02 23:58 ` Kees Cook
2019-10-03 0:03 ` Kees Cook
2019-10-03 9:42 ` Robin Murphy
2019-10-03 21:38 ` Kees Cook
2019-10-04 18:50 ` Robin Murphy
2019-10-04 20:25 ` Kees Cook [this message]
2019-10-05 8:27 ` Christoph Hellwig
2019-10-02 22:37 ` kbuild test robot
2019-10-03 0:05 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201910041323.F082AA4B19@keescook \
--to=keescook@chromium.org \
--cc=allison@lohutok.net \
--cc=brouer@redhat.com \
--cc=dan.carpenter@oracle.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=robin.murphy@arm.com \
--cc=security-reports@semmle.com \
--cc=swboyd@chromium.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).