This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: [SCM] systemtap: system-wide probe/trace tool branch, master, updated. release-0.9.9-228-gd0822e2
- From: Mark Wielaard <mjw at redhat dot com>
- To: systemtap at sourceware dot org
- Cc: Dave Brolley <brolley at redhat dot com>
- Date: Fri, 04 Sep 2009 10:51:09 +0200
- Subject: Re: [SCM] systemtap: system-wide probe/trace tool branch, master, updated. release-0.9.9-228-gd0822e2
- References: <20090903212016.3134.qmail@sourceware.org>
Hi Dave,
On Thu, 2009-09-03 at 21:20 +0000, brolley@sourceware.org wrote:
> commit d0822e28934cd0387c2af4349cf52c52c368c55a
> Author: Dave Brolley <brolley@redhat.com>
> Date: Thu Sep 3 17:19:05 2009 -0400
>
> Disallow kernel space memory access when unprivileged.
>
> 2009-09-03 Dave Brolley <brolley@redhat.com>
>
> * runtime/addr-map.c (lookup_addr_aux): Now takes size argument.
> Consider the size when looking for overlapping range with the map
> entries.
> (lookup_bad_addr): Now takes size argument. Disallow kernel space access
> when STP_PRIVILEGED is not defined. Pass size to lookup_addr_aux.
> <asm/processor.h>: #include it when STP_PRIVILEGED is not defined.
> (add_bad_addr_entry): Supply a size of 1 to calls to lookup_addr_aux.
> * runtime/loc2c-runtime.h (kread): Pass sizeof (*(ptr)) to
> lookup_bad_addr.
> (kwrite): Likewise.
> (deref): Pass size to lookup_bad_addr.
> (store_deref): Likewise.
I was looking at this piece:
+lookup_bad_addr(unsigned long addr, size_t size)
{
struct addr_map_entry* result = 0;
+
+#ifndef STP_PRIVILEGED
+ /* Unprivileged users must not access kernel space memory. */
+ if (addr + size > TASK_SIZE)
+ return 1;
+#endif
+
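Review bot: the comparison `addr + size > TASK_SIZE` in this hunk is computed in unsigned arithmetic, so a large `size` (or an `addr` near the top of the address space) wraps the sum around to a value below `TASK_SIZE` and the access is wrongly allowed; since the purpose of the check is to refuse kernel-space access to unprivileged users, it should be written without forming the sum, for example `if (addr > TASK_SIZE || size > TASK_SIZE - addr) return 1;`, which rejects every range that does not fit entirely below `TASK_SIZE` and is equivalent to the current test for all non-wrapping inputs.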
I was wondering if that check cannot "overflow" if size is really big,
making addr + size > TASK_SIZE succeed because the computation wraps
around making it smaller than TASK_SIZE.
Cheers,
Mark
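The wraparound Mark describes, shown as a stand-alone C program. This is an added example, not code from the systemtap runtime or from the patch: `FAKE_TASK_SIZE` is a constructed stand-in for the kernel's `TASK_SIZE`, `bad_addr_wrapping` mirrors the check as written in the hunk, and `bad_addr_safe` is the overflow-free form that never computes `addr + size`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's TASK_SIZE: the lower half of the
 * address space is "user", everything above it is "kernel". The real value
 * is architecture-specific and comes from <asm/processor.h>. */
#define FAKE_TASK_SIZE (ULONG_MAX >> 1)

/* The check as written in the patch. addr + size is evaluated in unsigned
 * arithmetic, so a large size (or an addr near ULONG_MAX) wraps the sum
 * below FAKE_TASK_SIZE and the kernel-space access slips through. */
int bad_addr_wrapping(unsigned long addr, size_t size)
{
    if (addr + size > FAKE_TASK_SIZE)
        return 1;
    return 0;
}

/* Overflow-safe form. The sum is never formed: first reject a start address
 * already past the limit, then ask whether the remaining room below the
 * limit is smaller than the requested size. For every input where addr +
 * size does not wrap this gives the same answer as the original check. */
int bad_addr_safe(unsigned long addr, size_t size)
{
    if (addr > FAKE_TASK_SIZE || size > FAKE_TASK_SIZE - addr)
        return 1;
    return 0;
}

/* Runs one probe through both checks and reports whether they disagree. */
static int compare(const char *label, unsigned long addr, size_t size)
{
    int w = bad_addr_wrapping(addr, size);
    int s = bad_addr_safe(addr, size);
    printf("%-28s addr=%#lx size=%#zx  wrapping=%d safe=%d%s\n",
           label, addr, size, w, s, w != s ? "  <-- mismatch" : "");
    return w != s;
}

int main(void)
{
    int mismatches = 0;
    /* Ordinary user-space read: both checks allow it. */
    mismatches += compare("user read", 0x1000UL, 16);
    /* Read starting exactly at the limit: both checks refuse it. */
    mismatches += compare("kernel read", FAKE_TASK_SIZE, 1);
    /* Huge size: addr + size wraps below the limit, original check passes. */
    mismatches += compare("wrap via huge size", FAKE_TASK_SIZE - 16, SIZE_MAX);
    /* Start address near the top of the address space, small size: wraps too. */
    mismatches += compare("wrap via high addr", ULONG_MAX - 3, 8);
    printf("%d input(s) where the original check is fooled\n", mismatches);
    return mismatches ? 1 : 0;
}
```

Both wrap cases are accesses that begin in, or extend into, kernel space, and the original check accepts them only because the addition overflowed; the subtraction form cannot overflow because `FAKE_TASK_SIZE - addr` is evaluated only after `addr > FAKE_TASK_SIZE` has been ruled out.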