Re: [PATCH v3 02/11] mm: Hardened usercopy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/20/2016 03:24 AM, Balbir Singh wrote:
On Tue, 2016-07-19 at 11:48 -0700, Kees Cook wrote:
On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott <labbott@xxxxxxxxxx> wrote:

On 07/15/2016 02:44 PM, Kees Cook wrote:

This doesn't work when copying CMA allocated memory since CMA purposely
allocates larger than a page block size without setting head pages.
Given CMA may be used with drivers doing zero copy buffers, I think it
should be permitted.

Something like the following lets it pass (I can clean up and submit
the is_migrate_cma_page APIs as a separate patch for review)
Yeah, this would be great. I'd rather use an accessor to check this
than a direct check for MIGRATE_CMA.

         */
        for (; ptr <= end ; ptr += PAGE_SIZE, page = virt_to_head_page(ptr))
{
-               if (!PageReserved(page))
+               if (!PageReserved(page) && !is_migrate_cma_page(page))
                        return "<spans multiple pages>";
        }
Yeah, I'll modify this a bit so that which type it starts as is
maintained for all pages (rather than allowing to flip back and forth
-- even though that is likely impossible).

Sorry, I completely missed the MIGRATE_CMA bits. Could you clarify if you
caught this in testing/review?

Balbir Singh.


I caught it while looking at the code and then wrote a test case to confirm
I was correct because I wasn't sure how to easily find an in tree user.

Thanks,
Laura

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]