Hi,

> -----Original Message-----
> From: Yann Droneaud [mailto:[email protected]]
> Sent: Thursday, April 02, 2015 1:05 PM
> To: Shachar Raindel
> Cc: [email protected]; <[email protected]>
> ([email protected]); [email protected];
> [email protected]
> Subject: Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected
> physical memory access
>
> Hi,
>
> On Wednesday, 18 March 2015 at 17:39 +0000, Shachar Raindel wrote:
> > Hi,
> >
<snipped long e-mail>

> > + /*
> > + * If the combination of the addr and size requested for this
> memory
> > + * region causes an integer overflow, return error.
> > + */
> > + if ((PAGE_ALIGN(addr + size) <= size) ||
> > + (PAGE_ALIGN(addr + size) <= addr))
> > + return ERR_PTR(-EINVAL);
> > +
>
> Can access_ok() be used here ?
>
> if (!access_ok(writable ? VERIFY_WRITE : VERIFY_READ,
> addr, size))
> return ERR_PTR(-EINVAL);
>

No, this will break the current ODP semantics.

ODP allows the user to register memory that is not accessible yet. This is a critical design feature, as it allows avoiding holding a registration cache. Adding this check will break the behavior, forcing memory to be all accessible when registering an ODP MR.

Thanks,
--Shachar
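
Review bot: the two comparisons in the added `if` also decide the size == 0 case, and they decide it inconsistently. With size 0 and a page-aligned addr, `PAGE_ALIGN(addr + size) <= addr` is true and the call returns -EINVAL, while the same zero size at an unaligned addr passes both tests. The comment above the check mentions only integer overflow, so a reader cannot tell whether either outcome is intended. Suggest handling size == 0 with an explicit test before this check, and extending the comment to say that the comparison is made on the page-aligned end so that a wrap introduced by the PAGE_ALIGN round-up is rejected as well as a wrap in addr + size itself.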

