[PATCH 0/1] Prevent possible PTE corruption with /dev/mem mmap

From: Frantisek Hrbata
Date: Thu Aug 14 2014 - 10:19:26 EST


Hi all,

after some time this issue popped up again. Please note that the patch was sent
to lkml two times.

https://lkml.org/lkml/2013/4/2/297
lkml: <1364905733-23937-1-git-send-email-fhrbata@xxxxxxxxxx>
https://lkml.org/lkml/2013/10/2/359
lkml: <20131002160514.GA25471@xxxxxxxxxxxxxxxxxxxxx>

It did not get much attention, except H. Peter Anvin's complaint that having two
checks for mmap and read/write for /dev/mem access is ridiculous. I for sure do
not object to this, but AFAICT it's not that simple to unify them and it's not
"directly" related to the PTE corruption. Please note that there are other
archs (ia64, arm) using these checks. But I for sure can be missing something.

What the patch does is use the existing interface to implement an x86-specific
check in the least invasive way.

Peter: I by no means want to be pushy. Just that after I looked into this a
little bit more, I don't see a better and more straightforward way how to fix
this. I will be grateful for any suggestions and help. If we want/need to fix
this in a different way, I can for sure try, but I will need at least some
guidance.

So I'm posting this once more with a hope it will get more attention or at least
to start the discussion how/if this should be fixed.

The patch is the same except I added a check for phys addr overflow before
calling phys_addr_valid. Maybe this check should be in do_mmap_pgoff.

Many thanks

Frantisek Hrbata (1):
x86: add phys addr validity check for /dev/mem mmap

arch/x86/include/asm/io.h | 4 ++++
arch/x86/mm/mmap.c | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)

--
1.9.3
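
An added illustration, not code from the patch or the kernel: a user-space C model of why an overflow check has to run before the physical-address validity test mentioned in the message. The function names, the 36-bit address width and the sample inputs are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* 4 KiB pages, as on x86 */

/* Model of a validity test: no address bits set at or above phys_bits. */
static bool phys_addr_valid_model(uint64_t addr, unsigned phys_bits)
{
    return phys_bits >= 64 || (addr >> phys_bits) == 0;
}

/* Naive: builds the range without looking for wraparound. */
static bool range_ok_naive(uint64_t pfn, uint64_t size, unsigned phys_bits)
{
    uint64_t start = pfn << PAGE_SHIFT; /* silently drops high bits */
    uint64_t last = start + size - 1;   /* may wrap past zero */
    return phys_addr_valid_model(last, phys_bits);
}

/* Checked: reject both overflows first, then test the last byte. */
static bool range_ok_checked(uint64_t pfn, uint64_t size, unsigned phys_bits)
{
    if (size == 0 || pfn > (UINT64_MAX >> PAGE_SHIFT))
        return false;                   /* shift would overflow */
    uint64_t start = pfn << PAGE_SHIFT;
    if (size - 1 > UINT64_MAX - start)
        return false;                   /* start + size - 1 would wrap */
    return phys_addr_valid_model(start + size - 1, phys_bits);
}

int main(void)
{
    /* Constructed inputs; a 36-bit physical address width is assumed. */
    const unsigned bits = 36;
    const struct { const char *name; uint64_t pfn, size; } cases[] = {
        { "in range",       0x100,                       0x1000 },
        { "above 36 bits",  UINT64_C(1) << 24,           0x1000 },
        { "shift overflow", (UINT64_C(1) << 52) + 0x100, 0x1000 },
        { "add overflow",   (UINT64_C(1) << 52) - 1,     0x2000 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-15s naive=%d checked=%d\n", cases[i].name,
               range_ok_naive(cases[i].pfn, cases[i].size, bits),
               range_ok_checked(cases[i].pfn, cases[i].size, bits));
    return 0;
}
```

In the two overflow cases the wrapped address looks small, so the naive version accepts a request that the checked version rejects.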
