Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AM3PR05MB0935AA4898B4B519D2DAA3C4DCF20@AM3PR05MB0935.eurprd05.prod.outlook.com>
Date: Thu, 2 Apr 2015 10:52:52 +0000
From: Shachar Raindel <raindel@...lanox.com>
To: Yann Droneaud <ydroneaud@...eya.com>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	"<linux-rdma@...r.kernel.org> (linux-rdma@...r.kernel.org)"
	<linux-rdma@...r.kernel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "stable@...r.kernel.org"
	<stable@...r.kernel.org>
Subject: RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical
 memory access

Hi,

> -----Original Message-----
> From: Yann Droneaud [mailto:ydroneaud@...eya.com]
> Sent: Thursday, April 02, 2015 1:05 PM
> To: Shachar Raindel
> Cc: oss-security@...ts.openwall.com; <linux-rdma@...r.kernel.org>
> (linux-rdma@...r.kernel.org); linux-kernel@...r.kernel.org;
> stable@...r.kernel.org
> Subject: Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected
> physical memory access
> 
> Hi,
> 
> Le mercredi 18 mars 2015 à 17:39 +0000, Shachar Raindel a écrit :
> > Hi,
> >

<snipped long e-mail>
 
> > +	/*
> > +	 * If the combination of the addr and size requested for this
> memory
> > +	 * region causes an integer overflow, return error.
> > +	 */
> > +	if ((PAGE_ALIGN(addr + size) <= size) ||
> > +	    (PAGE_ALIGN(addr + size) <= addr))
> > +		return ERR_PTR(-EINVAL);
> > +
> 
> Can access_ok() be used here ?
> 
>          if (!access_ok(writable ? VERIFY_WRITE : VERIFY_READ,
>                         addr, size))
>                   return ERR_PTR(-EINVAL);
> 

No, this will break the current ODP semantics.

ODP allows the user to register memory that is not accessible yet.
This is a critical design feature, as it allows avoiding holding
a registration cache. Adding this check will break the behavior,
forcing memory to be all accessible when registering an ODP MR.

Thanks,
--Shachar

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.