Re: [PATCH v1 2/2] IB/core: don't disallow registering region starting at 0x0
On 14/04/2015 15:50, Sagi Grimberg wrote: > On 4/14/2015 3:00 PM, Yann Droneaud wrote: >> Le mardi 14 avril 2015 à 12:20 +0300, Sagi Grimberg a écrit : >>> On 4/13/2015 3:56 PM, Yann Droneaud wrote: ... diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 9ac4068d2088..38acb3cfc545 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -106,8 +106,8 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, * If the combination of the addr and size requested for this memory * region causes an integer overflow, return error. */ -if ((PAGE_ALIGN(addr + size) <= size) || -(PAGE_ALIGN(addr + size) <= addr)) +if (((addr + size) < addr) || +PAGE_ALIGN(addr + size) < (addr + size)) >>> >>> If you do change the first statement to be: (addr + size) <= addr >>> wouldn't it cover patch #1? >>> >> >> Yes, but it doesn't sound a great place to do it: here it's about >> overflow, so I'd prefer not doing the null memory region check there. >> >> Regards. >> > > Sounds reasonable to me. Me too. As long as we prevent the integer overflow, there is no need to disallow regions starting at 0x0. Reviewed-by: Haggai Eran > > Reviewed-by: Sagi Grimberg > > Let's poke Shachar/Haggai to comment/approve on this as well. > -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 2/2] IB/core: don't disallow registering region starting at 0x0
On 4/14/2015 3:00 PM, Yann Droneaud wrote: Hi, Le mardi 14 avril 2015 à 12:20 +0300, Sagi Grimberg a écrit : On 4/13/2015 3:56 PM, Yann Droneaud wrote: In a call to ib_umem_get(), if address is 0x0 and size is already page aligned, check added in commit 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic") will refuse to register a memory region that could otherwise be valid (provided vm.mmap_min_addr sysctl and mmap_low_allowed SELinux knobs allow userspace to map something at address 0x0). This patch allows back such registration: ib_umem_get() should probably don't care of the base address provided it can be pinned with get_user_pages(). There's two possible overflows, in (addr + size) and in PAGE_ALIGN(addr + size), this patch keep ensuring none of them happen while allowing to pin memory at address 0x0. Anyway, the case of size equal 0 is no more (partially) handled as 0-length memory region are disallowed by an earlier check. Link: http://mid.gmane.org/cover.1428929103.git.ydrone...@opteya.com Cc: # 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic") Cc: Shachar Raindel Cc: Jack Morgenstein Cc: Or Gerlitz Signed-off-by: Yann Droneaud --- drivers/infiniband/core/umem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 9ac4068d2088..38acb3cfc545 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -106,8 +106,8 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, * If the combination of the addr and size requested for this memory * region causes an integer overflow, return error. */ - if ((PAGE_ALIGN(addr + size) <= size) || - (PAGE_ALIGN(addr + size) <= addr)) + if (((addr + size) < addr) || + PAGE_ALIGN(addr + size) < (addr + size)) If you do change the first statement to be: (addr + size) <= addr wouldn't it cover patch #1? Yes, but it doesn't sound a great place to do it: here it's about overflow, so I'd prefer not doing the null memory region check there. Regards. Sounds reasonable to me. Reviewed-by: Sagi Grimberg Let's poke Shachar/Haggai to comment/approve on this as well. -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 2/2] IB/core: don't disallow registering region starting at 0x0
Hi, Le mardi 14 avril 2015 à 12:20 +0300, Sagi Grimberg a écrit : > On 4/13/2015 3:56 PM, Yann Droneaud wrote: > > In a call to ib_umem_get(), if address is 0x0 and size is > > already page aligned, check added in commit 8494057ab5e4 > > ("IB/uverbs: Prevent integer overflow in ib_umem_get address > > arithmetic") will refuse to register a memory region that > > could otherwise be valid (provided vm.mmap_min_addr sysctl > > and mmap_low_allowed SELinux knobs allow userspace to map > > something at address 0x0). > > > > This patch allows back such registration: ib_umem_get() > > should probably don't care of the base address provided it > > can be pinned with get_user_pages(). > > > > There's two possible overflows, in (addr + size) and in > > PAGE_ALIGN(addr + size), this patch keep ensuring none > > of them happen while allowing to pin memory at address > > 0x0. Anyway, the case of size equal 0 is no more (partially) > > handled as 0-length memory region are disallowed by an > > earlier check. > > > > Link: http://mid.gmane.org/cover.1428929103.git.ydrone...@opteya.com > > Cc: # 8494057ab5e4 ("IB/uverbs: Prevent integer > > overflow in ib_umem_get address arithmetic") > > Cc: Shachar Raindel > > Cc: Jack Morgenstein > > Cc: Or Gerlitz > > Signed-off-by: Yann Droneaud > > --- > > drivers/infiniband/core/umem.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c > > index 9ac4068d2088..38acb3cfc545 100644 > > --- a/drivers/infiniband/core/umem.c > > +++ b/drivers/infiniband/core/umem.c > > @@ -106,8 +106,8 @@ struct ib_umem *ib_umem_get(struct ib_ucontext > > *context, unsigned long addr, > > * If the combination of the addr and size requested for this memory > > * region causes an integer overflow, return error. > > */ > > - if ((PAGE_ALIGN(addr + size) <= size) || > > - (PAGE_ALIGN(addr + size) <= addr)) > > + if (((addr + size) < addr) || > > + PAGE_ALIGN(addr + size) < (addr + size)) > > If you do change the first statement to be: (addr + size) <= addr > wouldn't it cover patch #1? > Yes, but it doesn't sound a great place to do it: here it's about overflow, so I'd prefer not doing the null memory region check there. Regards. -- Yann Droneaud OPTEYA -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v1 2/2] IB/core: don't disallow registering region starting at 0x0
On 4/13/2015 3:56 PM, Yann Droneaud wrote: In a call to ib_umem_get(), if address is 0x0 and size is already page aligned, check added in commit 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic") will refuse to register a memory region that could otherwise be valid (provided vm.mmap_min_addr sysctl and mmap_low_allowed SELinux knobs allow userspace to map something at address 0x0). This patch allows back such registration: ib_umem_get() should probably don't care of the base address provided it can be pinned with get_user_pages(). There's two possible overflows, in (addr + size) and in PAGE_ALIGN(addr + size), this patch keep ensuring none of them happen while allowing to pin memory at address 0x0. Anyway, the case of size equal 0 is no more (partially) handled as 0-length memory region are disallowed by an earlier check. Link: http://mid.gmane.org/cover.1428929103.git.ydrone...@opteya.com Cc: # 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic") Cc: Shachar Raindel Cc: Jack Morgenstein Cc: Or Gerlitz Signed-off-by: Yann Droneaud --- drivers/infiniband/core/umem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 9ac4068d2088..38acb3cfc545 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -106,8 +106,8 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, * If the combination of the addr and size requested for this memory * region causes an integer overflow, return error. */ - if ((PAGE_ALIGN(addr + size) <= size) || - (PAGE_ALIGN(addr + size) <= addr)) + if (((addr + size) < addr) || + PAGE_ALIGN(addr + size) < (addr + size)) If you do change the first statement to be: (addr + size) <= addr wouldn't it cover patch #1? Sagi. -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v1 2/2] IB/core: don't disallow registering region starting at 0x0
In a call to ib_umem_get(), if address is 0x0 and size is already page aligned, check added in commit 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic") will refuse to register a memory region that could otherwise be valid (provided vm.mmap_min_addr sysctl and mmap_low_allowed SELinux knobs allow userspace to map something at address 0x0). This patch allows back such registration: ib_umem_get() should probably don't care of the base address provided it can be pinned with get_user_pages(). There's two possible overflows, in (addr + size) and in PAGE_ALIGN(addr + size), this patch keep ensuring none of them happen while allowing to pin memory at address 0x0. Anyway, the case of size equal 0 is no more (partially) handled as 0-length memory region are disallowed by an earlier check. Link: http://mid.gmane.org/cover.1428929103.git.ydrone...@opteya.com Cc: # 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic") Cc: Shachar Raindel Cc: Jack Morgenstein Cc: Or Gerlitz Signed-off-by: Yann Droneaud --- drivers/infiniband/core/umem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 9ac4068d2088..38acb3cfc545 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -106,8 +106,8 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, * If the combination of the addr and size requested for this memory * region causes an integer overflow, return error. */ - if ((PAGE_ALIGN(addr + size) <= size) || - (PAGE_ALIGN(addr + size) <= addr)) + if (((addr + size) < addr) || + PAGE_ALIGN(addr + size) < (addr + size)) return ERR_PTR(-EINVAL); if (!can_do_mlock()) -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html