Re: access_ok macor
- From: Michal Simek <monstr@xxxxxxxxx>
- Date: Tue, 14 Jul 2009 15:45:22 +0200
Arnd Bergmann wrote:
On Tuesday 14 July 2009, Michal Simek wrote:
I found that I can setup text base in binutils/ld/emulparam/elf32mb_linux.sh
The problem which I have is that if I run socketpair, getsockname, getpeername LTP
tests with invalid salen pointer there are addresses close to 0x0. Microblaze
has no text there and the sigsegv fault is generated.
This sounds like a classic NULL pointer dereference that is handled correctly
by the kernel. The question is where the address came from.
It is not anly NULL pointer - is LTP tests are some fake addresses. From my tests I see
that I am not able to access place till 1000 0000 in dec.
Bad address come from tests to test it.
Look at
http://developer.petalogix.com/git/gitweb.cgi?p=ltp-microblaze.git;a=commitdiff;h=45f4cd783ce8b94f1267bb87c0c46e8536f62eca
There are three affected tests and my quick fixes which I am trying to solve now.
This fault could be fixed by changed access_ok macro where I check bottom limit
at 0x1000 0000 too. After this change the LTP program not failed but I am not sure
if is the right solution because none arch do it. All archs just check upper limit
not lower.
What is the correct solution for it? Moving .text base to 0x0 or is there any other
elegant solution?
Moving .text is not the right solution, because it only papers over real bugs.
I can confirm it - I moved it and rebuild toolchain.
access_ok() is also not the right place to check this, the only purpose it has
is to make sure that the argument is not a valid kernel address but either a
valid user address or possibly invalid address. Also, access_ok() is only used
together with the copy_from/to_user and get/put_user function families. These
need to catch invalid addresses with a fixup table entry in the kernel.
ok - that mean that problem could be in bad fixup table?
I briefly looked at your implementation but could not find any problems in
this area. Could you use gdb to find out whether the sigsegv happens in the
kernel at all, or in user space?
We don't have gdb in place.
The problem should come from get_user macro. net/socket.c:212
I was looking for it in the morning. I am checking it again.
Thanks,
Michal
int move_addr_to_user(struct sockaddr *kaddr, int klen, void __user *uaddr,
int __user *ulen)
{
int err;
int len;
err = get_user(len, ulen);
if (err)
return err;
Arnd <><
--
Michal Simek, Ing. (M.Eng)
w: www.monstr.eu p: +42-0-721842854
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: access_ok macor
- From: Arnd Bergmann
- Re: access_ok macor
- References:
- access_ok macor
- From: Michal Simek
- Re: access_ok macor
- From: Arnd Bergmann
- access_ok macor
- Prev by Date: Re: Reboot quirk for sbc-fitpc2 board
- Next by Date: [PATCH] Make SCSI SG v4 driver enabled by default and remove EXPERIMENTAL dependency, since udev depends on BSG.
- Previous by thread: Re: access_ok macor
- Next by thread: Re: access_ok macor
- Index(es):
Relevant Pages
|
