* [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
@ 2020-04-03 16:32 Peter Zijlstra
2020-04-03 18:18 ` Uladzislau Rezki
2020-04-06 13:01 ` Christoph Hellwig
0 siblings, 2 replies; 16+ messages in thread
From: Peter Zijlstra @ 2020-04-03 16:32 UTC (permalink / raw)
To: Andrew Morton
Cc: linux-kernel, linux-mm, jroedel, vbabka, urezki, Thomas Gleixner
__get_vm_area() is an exported symbol, make sure the callers stay in
the expected memory range. When calling this function with memory
ranges outside of the VMALLOC range *bad* things can happen.
(I noticed this when I managed to corrupt the kernel text by accident)
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
mm/vmalloc.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2130,6 +2130,13 @@ static struct vm_struct *__get_vm_area_n
struct vm_struct *__get_vm_area(unsigned long size, unsigned long flags,
unsigned long start, unsigned long end)
{
+ /*
+ * Ensure callers stay in the vmalloc range.
+ */
+ if (WARN_ON(start < VMALLOC_START || start > VMALLOC_END ||
+ end < VMALLOC_START || end > VMALLOC_END))
+ return NULL;
+
return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE,
GFP_KERNEL, __builtin_return_address(0));
}
^ permalink raw reply [flat|nested] 16+ messages in thread* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-03 16:32 [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments Peter Zijlstra
@ 2020-04-03 18:18 ` Uladzislau Rezki
2020-04-03 18:53 ` Peter Zijlstra
2020-04-06 13:01 ` Christoph Hellwig
1 sibling, 1 reply; 16+ messages in thread
From: Uladzislau Rezki @ 2020-04-03 18:18 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Andrew Morton, linux-kernel, linux-mm, jroedel, vbabka, urezki,
Thomas Gleixner
On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
>
> __get_vm_area() is an exported symbol, make sure the callers stay in
> the expected memory range. When calling this function with memory
> ranges outside of the VMALLOC range *bad* things can happen.
>
> (I noticed this when I managed to corrupt the kernel text by accident)
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
> mm/vmalloc.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -2130,6 +2130,13 @@ static struct vm_struct *__get_vm_area_n
> struct vm_struct *__get_vm_area(unsigned long size, unsigned long flags,
> unsigned long start, unsigned long end)
> {
> + /*
> + * Ensure callers stay in the vmalloc range.
> + */
> + if (WARN_ON(start < VMALLOC_START || start > VMALLOC_END ||
> + end < VMALLOC_START || end > VMALLOC_END))
> + return NULL;
> +
> return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE,
> GFP_KERNEL, __builtin_return_address(0));
> }
Peter, could you please clarify what kind of issues you had and how you
tested?
__get_vm_area() is not limited by allocating only with vmalloc space,
it can use whole virtual address space/range, i.e. 1 - ULONG_MAX.
Though, i am not sure if there are users(who uses __get_vm_area())
which allocate outside of vmalloc address space.
--
Vlad Rezki
^ permalink raw reply [flat|nested] 16+ messages in thread* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-03 18:18 ` Uladzislau Rezki
@ 2020-04-03 18:53 ` Peter Zijlstra
2020-04-04 19:00 ` Uladzislau Rezki
0 siblings, 1 reply; 16+ messages in thread
From: Peter Zijlstra @ 2020-04-03 18:53 UTC (permalink / raw)
To: Uladzislau Rezki
Cc: Andrew Morton, linux-kernel, linux-mm, jroedel, vbabka, Thomas Gleixner
On Fri, Apr 03, 2020 at 08:18:18PM +0200, Uladzislau Rezki wrote:
> On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
> >
> > __get_vm_area() is an exported symbol, make sure the callers stay in
> > the expected memory range. When calling this function with memory
> > ranges outside of the VMALLOC range *bad* things can happen.
> >
> > (I noticed this when I managed to corrupt the kernel text by accident)
> >
> > Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> > ---
> > mm/vmalloc.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > --- a/mm/vmalloc.c
> > +++ b/mm/vmalloc.c
> > @@ -2130,6 +2130,13 @@ static struct vm_struct *__get_vm_area_n
> > struct vm_struct *__get_vm_area(unsigned long size, unsigned long flags,
> > unsigned long start, unsigned long end)
> > {
> > + /*
> > + * Ensure callers stay in the vmalloc range.
> > + */
> > + if (WARN_ON(start < VMALLOC_START || start > VMALLOC_END ||
> > + end < VMALLOC_START || end > VMALLOC_END))
> > + return NULL;
> > +
> > return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE,
> > GFP_KERNEL, __builtin_return_address(0));
> > }
> Peter, could you please clarify what kind of issues you had and how you
> tested?
Well, I had a bug and corrupted text; but then I tested:
__get_vm_area(PAGE_SIZE, VM_ALLOC, __START_KERNEL_map,
__START_KERNEL_map + KERNEL_IMAGE_SIZE);
and that *works*.
> __get_vm_area() is not limited by allocating only with vmalloc space,
> it can use whole virtual address space/range, i.e. 1 - ULONG_MAX.
Yeah, I know, I'm saying it perhaps should be, because not limiting it
while exposing it to modules seems risky at best, downright dangerous if
you consider map_vm_area() is also exported.
And while I know the machinery works for the complete virtual address
space, architectures do set aside explicit VA ranges for specific
purposes, we had better respect that, esp. for modules.
^ permalink raw reply [flat|nested] 16+ messages in thread* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-03 18:53 ` Peter Zijlstra
@ 2020-04-04 19:00 ` Uladzislau Rezki
0 siblings, 0 replies; 16+ messages in thread
From: Uladzislau Rezki @ 2020-04-04 19:00 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Uladzislau Rezki, Andrew Morton, linux-kernel, linux-mm, jroedel,
vbabka, Thomas Gleixner
On Fri, Apr 03, 2020 at 08:53:00PM +0200, Peter Zijlstra wrote:
> On Fri, Apr 03, 2020 at 08:18:18PM +0200, Uladzislau Rezki wrote:
> > On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
> > >
> > > __get_vm_area() is an exported symbol, make sure the callers stay in
> > > the expected memory range. When calling this function with memory
> > > ranges outside of the VMALLOC range *bad* things can happen.
> > >
> > > (I noticed this when I managed to corrupt the kernel text by accident)
> > >
> > > Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> > > ---
> > > mm/vmalloc.c | 7 +++++++
> > > 1 file changed, 7 insertions(+)
> > >
> > > --- a/mm/vmalloc.c
> > > +++ b/mm/vmalloc.c
> > > @@ -2130,6 +2130,13 @@ static struct vm_struct *__get_vm_area_n
> > > struct vm_struct *__get_vm_area(unsigned long size, unsigned long flags,
> > > unsigned long start, unsigned long end)
> > > {
> > > + /*
> > > + * Ensure callers stay in the vmalloc range.
> > > + */
> > > + if (WARN_ON(start < VMALLOC_START || start > VMALLOC_END ||
> > > + end < VMALLOC_START || end > VMALLOC_END))
> > > + return NULL;
> > > +
> > > return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE,
> > > GFP_KERNEL, __builtin_return_address(0));
> > > }
> > Peter, could you please clarify what kind of issues you had and how you
> > tested?
>
> Well, I had a bug and corrupted text; but then I tested:
>
> __get_vm_area(PAGE_SIZE, VM_ALLOC, __START_KERNEL_map,
> __START_KERNEL_map + KERNEL_IMAGE_SIZE);
>
> and that *works*.
>
Do you mean that you corrupted "text" by calling __get_vm_area(...)
with special parameters? If so could you please show how you used it.
> > __get_vm_area() is not limited by allocating only with vmalloc space,
> > it can use whole virtual address space/range, i.e. 1 - ULONG_MAX.
>
> Yeah, I know, I'm saying it perhaps should be, because not limiting it
> while exposing it to modules seems risky at best, downright dangerous if
> you consider map_vm_area() is also exported.
>
Doing it to secure modules, probably is OK, but modules can also be reside
within vmalloc address space.
Thank you in advance!
--
Vlad Rezki
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-03 16:32 [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments Peter Zijlstra
2020-04-03 18:18 ` Uladzislau Rezki
@ 2020-04-06 13:01 ` Christoph Hellwig
2020-04-06 14:06 ` Peter Zijlstra
2020-04-17 12:57 ` Sakari Ailus
1 sibling, 2 replies; 16+ messages in thread
From: Christoph Hellwig @ 2020-04-06 13:01 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Andrew Morton, linux-kernel, linux-mm, jroedel, vbabka, urezki,
Thomas Gleixner, Olof Johansson, Sakari Ailus,
Mauro Carvalho Chehab
On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
>
> __get_vm_area() is an exported symbol, make sure the callers stay in
> the expected memory range. When calling this function with memory
> ranges outside of the VMALLOC range *bad* things can happen.
>
> (I noticed this when I managed to corrupt the kernel text by accident)
Maybe it is time to unexport it? There are only two users:
- staging/media/ipu3 really should be using vmap. And given that it
is a staging driver it really doesn't matter anyway if we break it.
- pcmcia/electra_cf.c is actually using it for something that is not
a vmalloc address. But it is so special that I think prohibiting
to build it as module seems fine.
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
> mm/vmalloc.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -2130,6 +2130,13 @@ static struct vm_struct *__get_vm_area_n
> struct vm_struct *__get_vm_area(unsigned long size, unsigned long flags,
> unsigned long start, unsigned long end)
> {
> + /*
> + * Ensure callers stay in the vmalloc range.
> + */
> + if (WARN_ON(start < VMALLOC_START || start > VMALLOC_END ||
> + end < VMALLOC_START || end > VMALLOC_END))
> + return NULL;
> +
> return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE,
> GFP_KERNEL, __builtin_return_address(0));
> }
---end quoted text---
^ permalink raw reply [flat|nested] 16+ messages in thread* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-06 13:01 ` Christoph Hellwig
@ 2020-04-06 14:06 ` Peter Zijlstra
2020-04-17 12:57 ` Sakari Ailus
1 sibling, 0 replies; 16+ messages in thread
From: Peter Zijlstra @ 2020-04-06 14:06 UTC (permalink / raw)
To: Christoph Hellwig
Cc: Andrew Morton, linux-kernel, linux-mm, jroedel, vbabka, urezki,
Thomas Gleixner, Olof Johansson, Sakari Ailus,
Mauro Carvalho Chehab
On Mon, Apr 06, 2020 at 06:01:55AM -0700, Christoph Hellwig wrote:
> On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
> >
> > __get_vm_area() is an exported symbol, make sure the callers stay in
> > the expected memory range. When calling this function with memory
> > ranges outside of the VMALLOC range *bad* things can happen.
> >
> > (I noticed this when I managed to corrupt the kernel text by accident)
>
> Maybe it is time to unexport it? There are only two users:
>
> - staging/media/ipu3 really should be using vmap. And given that it
> is a staging driver it really doesn't matter anyway if we break it.
> - pcmcia/electra_cf.c is actually using it for something that is not
> a vmalloc address. But it is so special that I think prohibiting
> to build it as module seems fine.
I think I just sent you a patch along those lines ;-)
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-06 13:01 ` Christoph Hellwig
2020-04-06 14:06 ` Peter Zijlstra
@ 2020-04-17 12:57 ` Sakari Ailus
2020-04-17 13:14 ` Peter Zijlstra
1 sibling, 1 reply; 16+ messages in thread
From: Sakari Ailus @ 2020-04-17 12:57 UTC (permalink / raw)
To: Christoph Hellwig
Cc: Peter Zijlstra, Andrew Morton, linux-kernel, linux-mm, jroedel,
vbabka, urezki, Thomas Gleixner, Olof Johansson,
Mauro Carvalho Chehab
Hi Christoph,
On Mon, Apr 06, 2020 at 06:01:55AM -0700, Christoph Hellwig wrote:
> On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
> >
> > __get_vm_area() is an exported symbol, make sure the callers stay in
> > the expected memory range. When calling this function with memory
> > ranges outside of the VMALLOC range *bad* things can happen.
> >
> > (I noticed this when I managed to corrupt the kernel text by accident)
>
> Maybe it is time to unexport it? There are only two users:
>
> - staging/media/ipu3 really should be using vmap. And given that it
> is a staging driver it really doesn't matter anyway if we break it.
It's not very polite to suggest breaking other people's drivers for such a
small matter, staging or not. That'd be bound to break kernel compilation
for a lot of people, if for nothing else.
Anyway, thanks for cc'ing me. I agree with suggestion and I'll submit a
patch to address it.
--
Regards,
Sakari Ailus
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-17 12:57 ` Sakari Ailus
@ 2020-04-17 13:14 ` Peter Zijlstra
2020-04-17 13:38 ` Sakari Ailus
0 siblings, 1 reply; 16+ messages in thread
From: Peter Zijlstra @ 2020-04-17 13:14 UTC (permalink / raw)
To: Sakari Ailus
Cc: Christoph Hellwig, Andrew Morton, linux-kernel, linux-mm,
jroedel, vbabka, urezki, Thomas Gleixner, Olof Johansson,
Mauro Carvalho Chehab
On Fri, Apr 17, 2020 at 03:57:35PM +0300, Sakari Ailus wrote:
> Hi Christoph,
>
> On Mon, Apr 06, 2020 at 06:01:55AM -0700, Christoph Hellwig wrote:
> > On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
> > >
> > > __get_vm_area() is an exported symbol, make sure the callers stay in
> > > the expected memory range. When calling this function with memory
> > > ranges outside of the VMALLOC range *bad* things can happen.
> > >
> > > (I noticed this when I managed to corrupt the kernel text by accident)
> >
> > Maybe it is time to unexport it? There are only two users:
> >
> > - staging/media/ipu3 really should be using vmap. And given that it
> > is a staging driver it really doesn't matter anyway if we break it.
>
> It's not very polite to suggest breaking other people's drivers for such a
> small matter, staging or not. That'd be bound to break kernel compilation
> for a lot of people, if for nothing else.
>
> Anyway, thanks for cc'ing me. I agree with suggestion and I'll submit a
> patch to address it.
Already done, see:
https://lkml.kernel.org/r/20200414131348.444715-5-hch@lst.de
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-17 13:14 ` Peter Zijlstra
@ 2020-04-17 13:38 ` Sakari Ailus
0 siblings, 0 replies; 16+ messages in thread
From: Sakari Ailus @ 2020-04-17 13:38 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Christoph Hellwig, Andrew Morton, linux-kernel, linux-mm,
jroedel, vbabka, urezki, Thomas Gleixner, Olof Johansson,
Mauro Carvalho Chehab
On Fri, Apr 17, 2020 at 03:14:24PM +0200, Peter Zijlstra wrote:
> On Fri, Apr 17, 2020 at 03:57:35PM +0300, Sakari Ailus wrote:
> > Hi Christoph,
> >
> > On Mon, Apr 06, 2020 at 06:01:55AM -0700, Christoph Hellwig wrote:
> > > On Fri, Apr 03, 2020 at 06:32:53PM +0200, Peter Zijlstra wrote:
> > > >
> > > > __get_vm_area() is an exported symbol, make sure the callers stay in
> > > > the expected memory range. When calling this function with memory
> > > > ranges outside of the VMALLOC range *bad* things can happen.
> > > >
> > > > (I noticed this when I managed to corrupt the kernel text by accident)
> > >
> > > Maybe it is time to unexport it? There are only two users:
> > >
> > > - staging/media/ipu3 really should be using vmap. And given that it
> > > is a staging driver it really doesn't matter anyway if we break it.
> >
> > It's not very polite to suggest breaking other people's drivers for such a
> > small matter, staging or not. That'd be bound to break kernel compilation
> > for a lot of people, if for nothing else.
> >
> > Anyway, thanks for cc'ing me. I agree with suggestion and I'll submit a
> > patch to address it.
>
> Already done, see:
>
> https://lkml.kernel.org/r/20200414131348.444715-5-hch@lst.de
Ah, thanks for pointing this out. Please ignore this then.
--
Regards,
Sakari Ailus
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
@ 2020-04-04 15:35 William Kucharski
2020-04-04 18:52 ` Uladzislau Rezki
0 siblings, 1 reply; 16+ messages in thread
From: William Kucharski @ 2020-04-04 15:35 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Andrew Morton, linux-kernel, linux-mm, jroedel, vbabka, urezki,
Thomas Gleixner
Is there any need to similarly sanitize “size” to assure start + size doesn’t go past “end?”
> On Apr 3, 2020, at 10:33, Peter Zijlstra <peterz@infradead.org> wrote:
>
>
> __get_vm_area() is an exported symbol, make sure the callers stay in
> the expected memory range. When calling this function with memory
> ranges outside of the VMALLOC range *bad* things can happen.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-04 15:35 William Kucharski
@ 2020-04-04 18:52 ` Uladzislau Rezki
2020-04-05 5:25 ` William Kucharski
0 siblings, 1 reply; 16+ messages in thread
From: Uladzislau Rezki @ 2020-04-04 18:52 UTC (permalink / raw)
To: William Kucharski
Cc: Peter Zijlstra, Andrew Morton, linux-kernel, linux-mm, jroedel,
vbabka, urezki, Thomas Gleixner
>
> Is there any need to similarly sanitize “size” to assure start + size doesn’t go past “end?”
>
Why is that double check needed if all such tests are done deeper on stack?
--
Vlad Rezki
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-04 18:52 ` Uladzislau Rezki
@ 2020-04-05 5:25 ` William Kucharski
2020-04-05 17:23 ` Uladzislau Rezki
0 siblings, 1 reply; 16+ messages in thread
From: William Kucharski @ 2020-04-05 5:25 UTC (permalink / raw)
To: Uladzislau Rezki
Cc: Peter Zijlstra, Andrew Morton, linux-kernel, linux-mm, jroedel,
vbabka, Thomas Gleixner
> On Apr 4, 2020, at 12:52 PM, Uladzislau Rezki <urezki@gmail.com> wrote:
>
>>
>> Is there any need to similarly sanitize “size” to assure start + size doesn’t go past “end?”
>>
> Why is that double check needed if all such tests are done deeper on stack?
If such tests ARE performed, then it doesn't matter to me whether it is checked before or after,
it just seems that nothing checks whether start + size makes some sort of sense with respect
to end.
I admit I didn't walk through all the routines to see if such a check would be superfluous.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-05 5:25 ` William Kucharski
@ 2020-04-05 17:23 ` Uladzislau Rezki
2020-04-05 19:21 ` Uladzislau Rezki
0 siblings, 1 reply; 16+ messages in thread
From: Uladzislau Rezki @ 2020-04-05 17:23 UTC (permalink / raw)
To: William Kucharski
Cc: Uladzislau Rezki, Peter Zijlstra, Andrew Morton, linux-kernel,
linux-mm, jroedel, vbabka, Thomas Gleixner
On Sat, Apr 04, 2020 at 11:25:45PM -0600, William Kucharski wrote:
>
>
> > On Apr 4, 2020, at 12:52 PM, Uladzislau Rezki <urezki@gmail.com> wrote:
> >
> >>
> >> Is there any need to similarly sanitize “size” to assure start + size doesn’t go past “end?”
> >>
> > Why is that double check needed if all such tests are done deeper on stack?
>
> If such tests ARE performed, then it doesn't matter to me whether it is checked before or after,
> it just seems that nothing checks whether start + size makes some sort of sense with respect
> to end.
>
> I admit I didn't walk through all the routines to see if such a check would be superfluous.
>
Yes, we check it:
<snip>
static __always_inline bool
is_within_this_va(struct vmap_area *va, unsigned long size,
unsigned long align, unsigned long vstart)
{
...
return (nva_start_addr + size <= va->va_end);
}
<snip>
--
Vlad Rezki
^ permalink raw reply [flat|nested] 16+ messages in thread* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-05 17:23 ` Uladzislau Rezki
@ 2020-04-05 19:21 ` Uladzislau Rezki
2020-04-05 20:49 ` William Kucharski
0 siblings, 1 reply; 16+ messages in thread
From: Uladzislau Rezki @ 2020-04-05 19:21 UTC (permalink / raw)
To: William Kucharski
Cc: William Kucharski, Peter Zijlstra, Andrew Morton, linux-kernel,
linux-mm, jroedel, vbabka, Thomas Gleixner
On Sun, Apr 05, 2020 at 07:23:15PM +0200, Uladzislau Rezki wrote:
> On Sat, Apr 04, 2020 at 11:25:45PM -0600, William Kucharski wrote:
> >
> >
> > > On Apr 4, 2020, at 12:52 PM, Uladzislau Rezki <urezki@gmail.com> wrote:
> > >
> > >>
> > >> Is there any need to similarly sanitize “size” to assure start + size doesn’t go past “end?”
> > >>
> > > Why is that double check needed if all such tests are done deeper on stack?
> >
> > If such tests ARE performed, then it doesn't matter to me whether it is checked before or after,
> > it just seems that nothing checks whether start + size makes some sort of sense with respect
> > to end.
> >
> > I admit I didn't walk through all the routines to see if such a check would be superfluous.
> >
> Yes, we check it:
>
> <snip>
> static __always_inline bool
> is_within_this_va(struct vmap_area *va, unsigned long size,
> unsigned long align, unsigned long vstart)
> {
> ...
> return (nva_start_addr + size <= va->va_end);
> }
> <snip>
>
Sorry, was thinking about one place showed different one. Here we go:
<snip>
/* Check the "vend" restriction. */
if (nva_start_addr + size > vend)
return vend;
<snip>
--
Vlad Rezki
^ permalink raw reply [flat|nested] 16+ messages in thread* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-05 19:21 ` Uladzislau Rezki
@ 2020-04-05 20:49 ` William Kucharski
2020-04-06 12:59 ` Uladzislau Rezki
0 siblings, 1 reply; 16+ messages in thread
From: William Kucharski @ 2020-04-05 20:49 UTC (permalink / raw)
To: Uladzislau Rezki
Cc: Peter Zijlstra, Andrew Morton, linux-kernel, linux-mm, jroedel,
Vlastimil Babka, Thomas Gleixner
That's fine.
One could still argue size should be sanitized earlier when start and end
are, but it's a nit either way (though size is used before it's checked,
it's not in any way that could fail with bad results.)
-- Bill
> On Apr 5, 2020, at 1:21 PM, Uladzislau Rezki <urezki@gmail.com> wrote:
>
> On Sun, Apr 05, 2020 at 07:23:15PM +0200, Uladzislau Rezki wrote:
> Sorry, was thinking about one place showed different one. Here we go:
>
> <snip>
> /* Check the "vend" restriction. */
> if (nva_start_addr + size > vend)
> return vend;
> <snip>
>
> --
> Vlad Rezki
^ permalink raw reply [flat|nested] 16+ messages in thread* Re: [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments
2020-04-05 20:49 ` William Kucharski
@ 2020-04-06 12:59 ` Uladzislau Rezki
0 siblings, 0 replies; 16+ messages in thread
From: Uladzislau Rezki @ 2020-04-06 12:59 UTC (permalink / raw)
To: William Kucharski
Cc: Uladzislau Rezki, Peter Zijlstra, Andrew Morton, linux-kernel,
linux-mm, jroedel, Vlastimil Babka, Thomas Gleixner
On Sun, Apr 05, 2020 at 02:49:13PM -0600, William Kucharski wrote:
> That's fine.
>
> One could still argue size should be sanitized earlier when start and end
> are, but it's a nit either way (though size is used before it's checked,
> it's not in any way that could fail with bad results.)
>
Agree. Therefore i do not have a strong opinion here, so it
basically depends on how to look at it :)
--
Vlad Rezki
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2020-04-17 13:38 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-03 16:32 [PATCH] mm/vmalloc: Sanitize __get_vm_area() arguments Peter Zijlstra
2020-04-03 18:18 ` Uladzislau Rezki
2020-04-03 18:53 ` Peter Zijlstra
2020-04-04 19:00 ` Uladzislau Rezki
2020-04-06 13:01 ` Christoph Hellwig
2020-04-06 14:06 ` Peter Zijlstra
2020-04-17 12:57 ` Sakari Ailus
2020-04-17 13:14 ` Peter Zijlstra
2020-04-17 13:38 ` Sakari Ailus
2020-04-04 15:35 William Kucharski
2020-04-04 18:52 ` Uladzislau Rezki
2020-04-05 5:25 ` William Kucharski
2020-04-05 17:23 ` Uladzislau Rezki
2020-04-05 19:21 ` Uladzislau Rezki
2020-04-05 20:49 ` William Kucharski
2020-04-06 12:59 ` Uladzislau Rezki
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).