On Fri, Feb 19, 2016 at 10:14 AM, Catalin Marinas
wrote:
>
> Unless I misunderstand it, I don't think the user is even aware of this
> potential problem. Let's say it mmap's a file (script etc.) which
> contains a string (file name) towards the end of the last page. Such
> pointer gets passed to s
On Tue, Feb 16, 2016 at 10:50:02AM -0800, Linus Torvalds wrote:
> On Tue, Feb 16, 2016 at 9:04 AM, Will Deacon wrote:
> > [replying to self and adding some x86 people]
> >
> > Background: Euntaik reports a problem where userspace has ended up with
> > a memory page mapped adjacent to an MMIO page
2016-02-17 2:11 GMT+09:00 Catalin Marinas:
> On Tue, Feb 16, 2016 at 04:44:38AM +, EunTaik Lee wrote:
>> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
>> index 19211c4..a5ebb99 100644
>> --- a/arch/arm64/mm/fault.c
>> +++ b/arch/arm64/mm/fault.c
>> @@ -371,6 +371,14 @@ static int
On Tue, Feb 16, 2016 at 1:42 PM, Linus Torvalds
wrote:
>
> On Feb 16, 2016 1:31 PM, "Arjan van de Ven" wrote:
>>
>> but what happens to the read if the page isn't present?
>> or is execute-only or .. or ..
>
> If we actually get a fault and handle the exception (not handling the
> exception was t
On Tue, Feb 16, 2016 at 01:31:36PM -0800, Arjan van de Ven wrote:
> On 2/16/2016 10:50 AM, Linus Torvalds wrote:
> >On Tue, Feb 16, 2016 at 9:04 AM, Will Deacon wrote:
> >>[replying to self and adding some x86 people]
> >>
> >>Background: Euntaik reports a problem where userspace has ended up with
On 2/16/2016 10:50 AM, Linus Torvalds wrote:
On Tue, Feb 16, 2016 at 9:04 AM, Will Deacon wrote:
[replying to self and adding some x86 people]
Background: Euntaik reports a problem where userspace has ended up with
a memory page mapped adjacent to an MMIO page (e.g. from /dev/mem or a
PCI memo
On Tue, Feb 16, 2016 at 9:04 AM, Will Deacon wrote:
> [replying to self and adding some x86 people]
>
> Background: Euntaik reports a problem where userspace has ended up with
> a memory page mapped adjacent to an MMIO page (e.g. from /dev/mem or a
> PCI memory bar from someplace in /sys). strncpy
On Tue, Feb 16, 2016 at 04:44:38AM +, EunTaik Lee wrote:
> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
> index 19211c4..a5ebb99 100644
> --- a/arch/arm64/mm/fault.c
> +++ b/arch/arm64/mm/fault.c
> @@ -371,6 +371,14 @@ static int __kprobes do_translation_fault(unsigned long
> add
On Tue, Feb 16, 2016 at 04:00:55PM +, Will Deacon wrote:
> On Tue, Feb 16, 2016 at 12:21:53PM +, Catalin Marinas wrote:
> > On Tue, Feb 16, 2016 at 10:57:49AM +, Robin Murphy wrote:
> > > On 16/02/16 10:31, Will Deacon wrote:
> > > >On Tue, Feb 16, 2016 at 04:44:35AM +, EunTaik Lee
[replying to self and adding some x86 people]
Background: Euntaik reports a problem where userspace has ended up with
a memory page mapped adjacent to an MMIO page (e.g. from /dev/mem or a
PCI memory bar from someplace in /sys). strncpy_from_user happens with
the word-at-a-time implementation, and
On Tue, Feb 16, 2016 at 12:21:53PM +, Catalin Marinas wrote:
> On Tue, Feb 16, 2016 at 10:57:49AM +, Robin Murphy wrote:
> > On 16/02/16 10:31, Will Deacon wrote:
> > >On Tue, Feb 16, 2016 at 04:44:35AM +, EunTaik Lee wrote:
> > >>Userspace memory is mapped as below:
> > >>F2A7F000--F2A
On Tue, Feb 16, 2016 at 10:57:49AM +, Robin Murphy wrote:
> On 16/02/16 10:31, Will Deacon wrote:
> >On Tue, Feb 16, 2016 at 04:44:35AM +, EunTaik Lee wrote:
> >>Userspace memory is mapped as below:
> >>F2A7F000--F2A7 Normal Memory
> >>F2A8--F2A80FFF Device nGnRnE
> >>
> >>And that
On 16/02/16 10:31, Will Deacon wrote:
On Tue, Feb 16, 2016 at 04:44:35AM +, EunTaik Lee wrote:
Userspace memory is mapped as below:
F2A7F000--F2A7 Normal Memory
F2A8--F2A80FFF Device nGnRnE
And that userspace application makes a system call
as below:
-009 |do_strncpy_from_user(inli
On Tue, Feb 16, 2016 at 04:44:35AM +, EunTaik Lee wrote:
> Userspace memory is mapped as below:
> F2A7F000--F2A7 Normal Memory
> F2A8--F2A80FFF Device nGnRnE
>
> And that userspace application makes a system call
> as below:
>
> -009 |do_strncpy_from_user(inline)
> -009 |strncpy_from_
Userspace memory is mapped as below:
F2A7F000--F2A7 Normal Memory
F2A8--F2A80FFF Device nGnRnE
And that userspace application makes a system call
as below:
-009 |do_strncpy_from_user(inline)
-009 |strncpy_from_user()
-010 |getname_flags()
-011 |user_path_at_empty()
-012 |user_path_at()
-0