Re: SPARC version of arch_validate_prot() looks broken (UAF read)

From: Christoph Hellwig
Date: Wed Oct 07 2020 - 02:17:09 EST

Next message: Christoph Hellwig: "Re: [PATCH 8/8] WIP: add a dma_alloc_contiguous API"
Previous message: Moshe Shemesh: "[PATCH net-next v2 16/16] devlink: Add Documentation/networking/devlink/devlink-reload.rst"
In reply to: Jann Horn: "Re: SPARC version of arch_validate_prot() looks broken (UAF read)"
Next in thread: Jann Horn: "Re: SPARC version of arch_validate_prot() looks broken (UAF read)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 07, 2020 at 02:45:39AM +0200, Jann Horn wrote:
> > I think arch_validate_prot() is still the right hook to validate the
> > protection bits. sparc_validate_prot() can iterate over VMAs with read
> > lock. This will, of course, require range as well to be passed to
> > arch_validate_prot().
>
> In that case, do you want to implement this?

Any reason to not just call arch_validate_prot after taking the mmap
lock?

Next message: Christoph Hellwig: "Re: [PATCH 8/8] WIP: add a dma_alloc_contiguous API"
Previous message: Moshe Shemesh: "[PATCH net-next v2 16/16] devlink: Add Documentation/networking/devlink/devlink-reload.rst"
In reply to: Jann Horn: "Re: SPARC version of arch_validate_prot() looks broken (UAF read)"
Next in thread: Jann Horn: "Re: SPARC version of arch_validate_prot() looks broken (UAF read)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]