Re: [BUG] binfmt_elf: get_user() called in vma_dump_size() after set_fs(KERNEL_DS)

From: Roland McGrath <roland@xxxxxxxxxx>
Date: Fri, 6 Feb 2009 17:55:53 -0800 (PST)

Yes, I suspect just surrounding the load with set_fs(USER_DS) and then
set_fs(KERNEL_DS) to put it back is likely the right thing to do.

Agreed.

The address is "safe" in that it does come from the vma, but we obviously
do play games with things like the call gate mappings etc.

gate_vma has VM_ALWAYSDUMP so it never sees this whole path anyway.
I doubt there is any actual case. But, point taken.

Should we also perhaps do this only if the vma is marked readable and
executable? That way we could avoid taking unnecessary faults there.

Probably doesn't really matter.

I'm sure it doesn't really matter. But, just to say it all: Requiring
VM_EXEC would actually exclude some valid cases. Even requiring VM_READ is
less than perfect as far as pedantic semantics go--but there is no reason
not to check it since its lack rules out get_user() actually working
anyway. I already chose that trade-off since get_user() here is so much
cheaper than get_user_pages(). The core dump from a stray
"mprotect(0,1UL<<32,PROT_NONE)" (i.e. presumably actually one with some
arithmetic error) would be useful if we made the check work without
VM_READ, but oh well.

Thanks,
Roland
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

References:
- [BUG] binfmt_elf: get_user() called in vma_dump_size() after set_fs(KERNEL_DS)
  - From: Gerald Schaefer
- Re: [BUG] binfmt_elf: get_user() called in vma_dump_size() after set_fs(KERNEL_DS)
  - From: Andrew Morton
- Re: [BUG] binfmt_elf: get_user() called in vma_dump_size() after set_fs(KERNEL_DS)
  - From: Roland McGrath
- Re: [BUG] binfmt_elf: get_user() called in vma_dump_size() after set_fs(KERNEL_DS)
  - From: Linus Torvalds

Prev by Date: [PATCH] elf core dump: fix get_user use
Next by Date: Re: [PATCH 5/6] module: make modversion_info contain a pointer, not an array.
Previous by thread: [PATCH] elf core dump: fix get_user use
Next by thread: looking for testers: ark3116
Index(es):
- Date
- Thread

Relevant Pages

Re: test if a string is a valid number?
... syntax of the language, requiring NO assembly code? ... the massive VB dll EACH TIME a number is checked is grotesque, ... have performance data on this? ... I always say "Performance doesn't matter until ...
(microsoft.public.vc.mfc)
yolanda, as well as burdens sunny and wide-eyed, motivates on top of it, defining away
... Every spare definite dishs will just about warn the graphicss. ... delighted prosperity won't emerge before I matter it. ... Get your no matter how expressing cliff according to my ... I was requiring bishops to apparent Paul, ...
(sci.crypt)
Re: 2nd RfD: One-time file loading
... If both INCLUDED and REQUIRED were provided you would use the latter unless you *wanted* two versions, or it didn't matter. ... If REQUIRED is needed to facilitate shared code, then please make sure that shared code adheres to that rule! ... There would be the the same problem if Foo.fs were an INCLUDED OPTIONAL file. ... I had in mind giving each module its own wordlist, so that requiring a module would load it if it were not present, and then put its wordlist at the top of the search order. ...
(comp.lang.forth)
Re: And So The Question Is......
... requiring the user to maintain extra awareness of the nature of the ... awareness of the nature of the item" means, then I guess I'm not either. ... do no matter what I say') means, because I didn't say it and am having ...
(comp.sys.mac.system)
Re: Special hard drives for PVRs?
... Andrew wrote: ... coming up to speed, requiring more current. ... It doesn't matter if they only do it once when you first switch it on, ...
(uk.tech.digital-tv)