Thanks for the hints Valdis.
2016-09-07 18:48 GMT+02:00 <Valdis.Kletnieks@xxxxxx>:
On Wed, 07 Sep 2016 15:47:30 +0200, Oscar Salvador said:
> You are right regarding security stuff, but was not my will either
> bypassing memory protections or crashing the system.
Never said that was your intent. The problem is that given that tool, some
other person can abuse your module with that intent.
> - I write a user program which allocates a buffer, then writes something to
> it and calls a my module via read/write
OK, I'll bite - how are you hooking the read/write syscalls to code in your
module? Via a pseudo-device and a struct *file_ops that points at your code?
I'm dealing with it with ioctls.
Oh - while you're at it, make sure your code deals properly with buffers that
cross page boundaries (for instance, a 512 byte buffer that starts at 3840
bytes into a 4K page, and ends 256 bytes into the next page - particularly
fun if the next page is either non-existent or paged out to swap. There's
reasons why the code in copy_(to|from)_user() is ugly...
Taken the struct vm_area_struct and the field vm_start
Are the first 4096 bytes from vm_start stored in one page, the next 4096 in another page and so on? (talking about 4k pages)
I'm asking that because in that case is easy to find out how many pages should I read (just in case a buffer is close to the end of a page and follows on the next page).
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
