oss-sec mailing list archives

RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access


From: Shachar Raindel <raindel () mellanox com>
Date: Thu, 2 Apr 2015 10:52:52 +0000

Hi,

-----Original Message-----
From: Yann Droneaud [mailto:ydroneaud () opteya com]
Sent: Thursday, April 02, 2015 1:05 PM
To: Shachar Raindel
Cc: oss-security () lists openwall com; <linux-rdma () vger kernel org>
(linux-rdma () vger kernel org); linux-kernel () vger kernel org;
stable () vger kernel org
Subject: Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected
physical memory access

Hi,

On Wednesday, 18 March 2015 at 17:39 +0000, Shachar Raindel wrote:
Hi,


<snipped long e-mail>
 
+   /*
+    * If the combination of the addr and size requested for this
memory
+    * region causes an integer overflow, return error.
+    */
+   if ((PAGE_ALIGN(addr + size) <= size) ||
+       (PAGE_ALIGN(addr + size) <= addr))
+           return ERR_PTR(-EINVAL);
+
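Review bot: with size == 0 the second comparison, `PAGE_ALIGN(addr + size) <= addr`, is true whenever addr is page-aligned, so a zero-length request returns -EINVAL for an aligned addr but can pass for an unaligned one, and the comment only mentions integer overflow. Consider testing for a zero size explicitly ahead of this check, or extending the comment to state the intended zero-size behaviour. Computing `PAGE_ALIGN(addr + size)` once into a local would also make the two comparisons easier to read.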

Can access_ok() be used here?

         if (!access_ok(writable ? VERIFY_WRITE : VERIFY_READ,
                        addr, size))
                  return ERR_PTR(-EINVAL);


No, this will break the current ODP semantics.

ODP allows the user to register memory that is not accessible yet.
This is a critical design feature, as it allows avoiding holding
a registration cache. Adding this check will break the behavior,
forcing memory to be all accessible when registering an ODP MR.

Thanks,
--Shachar
