Re: [GIT PULL] char/misc driver patches for 3.16-rc1

From: Linus Torvalds
Date: Tue Jun 03 2014 - 11:32:55 EST


On Mon, Jun 2, 2014 at 10:44 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Bin Wang (1):
> uio: fix vma io range check in mmap

Greg, this is BS.

If the UIO memory size is smaller than a page, we cannot mmap it
safely, because the mmap will map random memory *after* the memory
area too. This is not like a regular file mapping where the kernel can
just zero-pad up to the end of the page.

We had this bug before (and even worse - it would mmap unaligned IO
structures too, so now the actual mapped address didn't actually
correspond to the returned user mapping address at all), and we fixed
them. See

7314e613d5ff Fix a few incorrectly checked [io_]remap_pfn_range() calls
b65502879556 uio: we cannot mmap unaligned page contents

so now you've re-introduced part of the problem, and marked it for stable too.

The commit log shows nothing useful. It basically just says "let's
reintroduce this bug" without even giving an excuse why that would be
a good idea.

And it really _isn't_ a good idea. At least you didn't remove the
alignment check, but the thing is, if a resource is less than a page
in size, it's quite possibly also unaligned, so the fix doesn't even
*fix* anything, except by pure luck. The fact is, memory-mapping
device areas smaller than one page is simply a bad bad idea.

Don't do this shit.

Linus
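
The point of the message above, as an added user-space model (not kernel code and not part of the original mail): mappings are whole pages, so a region that is not page-aligned in both start and size exposes neighbouring memory. This generalizes from "smaller than a page" to any partial page. The struct, function names, 4096-byte page size, the relaxed variant and the sample regions are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PG_SIZE ((uint64_t)4096)      /* assumed page size for this model */
#define PG_MASK (~(PG_SIZE - 1))

/* Hypothetical stand-in for one device memory resource (not a kernel struct). */
struct region { uint64_t addr, size; };

/* Bytes outside the region that userspace can reach once every page
 * touching the region is mapped (mappings are whole pages). */
static uint64_t exposed_bytes(const struct region *r)
{
    uint64_t first = r->addr & PG_MASK;
    uint64_t last = (r->addr + r->size + PG_SIZE - 1) & PG_MASK;
    return (last - first) - r->size;
}

/* Relaxed variant (constructed for contrast): keeps the alignment check
 * but compares the request against the size rounded up to a page. */
static int check_rounded(const struct region *r, uint64_t len)
{
    if (r->addr & ~PG_MASK) return -1;
    if (len == 0 || len > ((r->size + PG_SIZE - 1) & PG_MASK)) return -3;
    return 0;
}

/* Strict policy: start and size must both be whole pages. */
static int check_strict(const struct region *r, uint64_t len)
{
    if (r->addr & ~PG_MASK) return -1;                    /* unaligned start */
    if (r->size == 0 || (r->size & ~PG_MASK)) return -2;  /* partial page */
    if (len == 0 || len > r->size) return -3;             /* request too large */
    return 0;
}

int main(void)
{
    /* Constructed sample regions: sub-page, sub-page and unaligned, two pages. */
    struct region t[] = { {0x10000000, 0x100}, {0x10000f80, 0x100}, {0x10000000, 0x2000} };
    for (int i = 0; i < 3; i++)
        printf("addr=%#llx size=%#llx exposed=%llu rounded=%d strict=%d\n",
               (unsigned long long)t[i].addr, (unsigned long long)t[i].size,
               (unsigned long long)exposed_bytes(&t[i]),
               check_rounded(&t[i], PG_SIZE), check_strict(&t[i], PG_SIZE));
    return 0;
}
```

The relaxed variant accepts the aligned 256-byte region and would expose the rest of its page; it rejects the unaligned one only because the alignment check is still there.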