On Mon, Jan 28, 2019 at 10:55:47PM -0800, Andrey Smirnov wrote: > Codepaths using memmap() in md.c don't do any boundary checks, so it > can be easily made to read past the underlying file's > boundary. For example on i.MX8MQ based board with 4GiB or RAM we get: > > md -b -s /dev/ram0 0xfffffff0 > fffffff0: 00 00 00 00 00 00 08 0c 00 02 20 00 20 00 05 20 .......... . .. > 100000000: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000010: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000020: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000030: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000040: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000050: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000060: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000070: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000080: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 100000090: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 1000000a0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 1000000b0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 1000000c0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 1000000d0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > 1000000e0: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ > > Drop the memmap() realted codepath, so we can realy on boundary > checking done by file I/O layer. > > Note that this change has a cosmetic side effect, before: With this change we can no longer see that the underlying memory cannot be accessed 'xx'. I find this feature very useful and don't want to loose it. If we want to do size checking we can do this, well, by checking the size. We could add offset/size parameters to memmap(). So, dropped this patch for now. Sascha -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox