Re: [RFC] prevent "dd if=/dev/mem" crash

[David Mosberger]

>>>>> On Fri, 17 Oct 2003 16:55:43 -0700, Andrew Morton <akpm@xxxxxxxx> said:

  >> If we really believe copy_*_user() must correctly handle *all* faults,
  >> isn't the "p >= __pa(high_memory)" test superfluous?

  Andrew> This code was conceived before my time and I don't recall seeing much
  Andrew> discussion, so this is all guesswork..

  Andrew> I'd say that the high_memory test _is_ superfluous and that
  Andrew> if anyone cared, we would remove it and establish a
  Andrew> temporary pte against the address if it was outside the
  Andrew> direct-mapped area.  But nobody cares enough to have done
  Andrew> anything about it.

What about memory-mapped device registers?  Isn't all memory
physically contiguous on x86 and that's why the "p >=
__pa(high_memory)" test saves you from that?

  >> On ia64, a read to non-existent physical memory causes the processor
  >> to time out and take a machine check.  I'm not sure it's even possible
  >> to recover from that.

  Andrew> ick.  That would be very poor form.

Reasonable people can disagree on that.  One philosophy states that if
your kernel touches random addresses, it's better to signal a visible
error (machine-check) than to risk silent data corruption.

	--david
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/