Re: [RFC] prevent "dd if=/dev/mem" crash

From: Eric W. Biederman
Date: Sun Oct 19 2003 - 06:28:52 EST


Andrew Morton <akpm@xxxxxxxx> writes:

> David Mosberger <davidm@xxxxxxxxxxxxxxxxx> wrote:
> >
> > >>>>> On Fri, 17 Oct 2003 16:55:43 -0700, Andrew Morton <akpm@xxxxxxxx> said:
> >
> > >> If we really believe copy_*_user() must correctly handle *all* faults,
> > >> isn't the "p >= __pa(high_memory)" test superfluous?
> >
> > Andrew> This code was conceived before my time and I don't recall seeing much
>
> > Andrew> discussion, so this is all guesswork..
> >
> > Andrew> I'd say that the high_memory test _is_ superfluous and that
> > Andrew> if anyone cared, we would remove it and establish a
> > Andrew> temporary pte against the address if it was outside the
> > Andrew> direct-mapped area. But nobody cares enough to have done
> > Andrew> anything about it.

This can be useful for the case of > 4GB on a 32bit box. But for mmio
it is useless.

> > What about memory-mapped device registers? Isn't all memory
> > physically contiguous on x86 and that's why the "p >=
> > __pa(high_memory)" test saves you from that?
>
> We _want_ to be able to read mmio ranges via /dev/mem, don't we? I guess
> it has never come up because everyone uses kmem.

No.

sys_read/sys_write does not give you enough control to write a device driver
from user space if you want to access something other than RAM you need to
mmap /dev/mem and issue the appropriate read/write commands.

On ia64 you can send the variant that won't generate a machine check if it
fails. You can get the alignment right etc, etc.

And even if you can get the interface right from user space to make mmio
work through sys_read/sys_write it will still be slow and silly to use.
And since it is useless it will go unused and then regress in
strange peculiar unexpected ways.

We do have all of the information we need in struct page to see if a
page address is valid, so checking that is reasonable. I suspect it
will require some interesting variant of pfn_to_page to handle of the
weird sparse memory locations properly.

Of course it might just be reasonable to require knowing and
responsible use of /dev/mem. Whatever you are doing.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/