This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: [SCM] systemtap: system-wide probe/trace tool branch, master, updated. release-0.9.9-228-gd0822e2


Hi Dave,

On Thu, 2009-09-03 at 21:20 +0000, brolley@sourceware.org wrote:
> commit d0822e28934cd0387c2af4349cf52c52c368c55a
> Author: Dave Brolley <brolley@redhat.com>
> Date:   Thu Sep 3 17:19:05 2009 -0400
> 
>     Disallow kernel space memory access when unprivileged.
>     
>     2009-09-03  Dave Brolley  <brolley@redhat.com>
>     
>             * runtime/addr-map.c (lookup_addr_aux): Now takes size argument.
>             Consider the size when looking for overlapping range with the map
>             entries.
>             (lookup_bad_addr): Now takes size argument. Disallow kernel space access
>             when STP_PRIVILEGED is not defined. Pass size to lookup_addr_aux.
>             <asm/processor.h>: #include it when STP_PRIVILEGED is not defined.
>             (add_bad_addr_entry): Supply a size of 1 to calls to lookup_addr_aux.
>             * runtime/loc2c-runtime.h (kread): Pass sizeof (*(ptr)) to
>             lookup_bad_addr.
>             (kwrite): Likewise.
>             (deref): Pass size to lookup_bad_addr.
>             (store_deref): Likewise.

I was looking at this piece:

+lookup_bad_addr(unsigned long addr, size_t size)
 {
   struct addr_map_entry* result = 0;
+
+#ifndef STP_PRIVILEGED
+  /* Unprivileged users must not access kernel space memory.  */
+  if (addr + size > TASK_SIZE)
+    return 1;
+#endif
+

I was wondering if that check cannot "overflow" if size is really big,
making addr + size > TASK_SIZE succeed because the computation wraps
around making it smaller than TASK_SIZE.

Cheers,

Mark
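The wrap-around Mark raises, as an added example that is not part of this thread or of systemtap's runtime: the posted check and a rearranged one are placed side by side and fed a constructed size that makes `addr + size` wrap. `TASK_SIZE` is modelled as the classic i386 3G/1G split value here (an assumption; the real value is architecture-specific), and the two function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the kernel's TASK_SIZE (assumed value: the classic i386
 * 3G/1G split).  Everything at or above it is kernel space. */
#define TASK_SIZE ((unsigned long)0xC0000000UL)

/* The check as posted in the hunk: returns 1 (bad) when the range
 * [addr, addr + size) reaches into kernel space.  addr + size is
 * computed in unsigned long and silently wraps when size is large. */
int range_is_bad_wrapping(unsigned long addr, size_t size)
{
    if (addr + size > TASK_SIZE)
        return 1;
    return 0;
}

/* Rearranged so no addition can overflow: reject a start in kernel
 * space outright, then compare size against the room left below
 * TASK_SIZE instead of forming addr + size. */
int range_is_bad_safe(unsigned long addr, size_t size)
{
    if (addr >= TASK_SIZE)
        return 1;
    if (size > TASK_SIZE - addr)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a user-space address with a size chosen so
     * that addr + size wraps past zero and lands at 0x7FF, well below
     * TASK_SIZE, even though the range covers all of kernel space. */
    unsigned long user_addr = 0x1000;
    size_t huge = (size_t)(~0UL) - 0x800;

    printf("posted check:    %d (0 means the wrap let it through)\n",
           range_is_bad_wrapping(user_addr, huge));
    printf("rearranged check: %d\n", range_is_bad_safe(user_addr, huge));
    return 0;
}
```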

