Codepaths using memmap() in md.c don't do any boundary checks, so it
can be easily made to read past the underlying file's boundary. For
example, on an i.MX8MQ based board with 4GiB of RAM we get:

md -b -s /dev/ram0 0xfffffff0
fffffff0: 00 00 00 00 00 00 08 0c 00 02 20 00 20 00 05 20 .......... . .. 
100000000: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000010: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000020: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000030: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000040: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000050: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000060: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000070: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000080: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
100000090: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
1000000a0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
1000000b0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
1000000c0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
1000000d0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
1000000e0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................

Drop the memmap() related codepath, so we can rely on boundary
checking done by the file I/O layer.

Note that this change has a cosmetic side effect, before:

md -b 0x7ffffffffffffffff000
7ffffffffffff000: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff010: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff020: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff030: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff040: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff050: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff060: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff070: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff080: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff090: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff0a0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff0b0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff0c0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff0d0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff0e0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
7ffffffffffff0f0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................

after:

md -b 0x7ffffffffffffffff000
7ffffffffffff000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff090: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff0a0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
7ffffffffffff0b0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 7ffffffffffff0c0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 7ffffffffffff0d0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 7ffffffffffff0e0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 7ffffffffffff0f0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ Signed-off-by: Andrey Smirnov <andrew.smirnov@xxxxxxxxx> --- commands/md.c | 8 -------- drivers/misc/mem.c | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/commands/md.c b/commands/md.c index 2389c12d1..507823c67 100644 --- a/commands/md.c +++ b/commands/md.c @@ -43,7 +43,6 @@ static int do_mem_md(int argc, char *argv[]) char *filename = "/dev/mem"; int mode = O_RWSIZE_4; int swab = 0; - void *map; void *buf = NULL; if (argc < 2) @@ -66,13 +65,6 @@ static int do_mem_md(int argc, char *argv[]) if (fd < 0) return 1; - map = memmap(fd, PROT_READ); - if (map != MAP_FAILED) { - ret = memory_display(map + start, start, size, - mode >> O_RWSIZE_SHIFT, swab); - goto out; - } - buf = xmalloc(RW_BUF_SIZE); do { diff --git a/drivers/misc/mem.c b/drivers/misc/mem.c index 60981a3e9..2f3316307 100644 --- a/drivers/misc/mem.c +++ b/drivers/misc/mem.c @@ -8,7 +8,7 @@ #include <init.h> static struct cdev_operations memops = { - .read = mem_read, + .read = mem_read_nofail, .write = mem_write, .memmap = generic_memmap_rw, }; -- 2.20.1 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
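Review bot: In the second commands/md.c hunk, the memmap() fast path is removed for every file md can open, including the default "/dev/mem", while the commit message motivates the change only with the /dev/ram0 case. The message should state that all md reads now go through the buffered loop that starts at "buf = xmalloc(RW_BUF_SIZE); do {", and it would help to confirm that this loop stops cleanly and reports the condition when the read returns fewer bytes than requested at the end of the file, since that is the boundary check the patch now relies on and it lies outside the visible context.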
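Review bot: The drivers/misc/mem.c hunk switches ".read" from mem_read to mem_read_nofail, and the commit message never names this change or says why it is needed; it only shows the resulting output difference as a cosmetic side effect. Judging by the before/after dumps, an inaccessible address that used to print as "xx" now prints as "ff", so a reader of the dump can no longer tell a failed access from memory that really holds 0xff, and the change applies to every user of the mem device's read operation, not only md. Please document the reason for the switch in the commit message, and consider carrying it as a separate patch so the behaviour change can be reviewed on its own.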