[PATCH v2] powerpc/64: Fix memcmp reading past the end of src/dest
Michael Ellerman
mpe at ellerman.id.au
Fri Feb  8 17:12:21 AEDT 2019

Segher Boessenkool <segher at kernel.crashing.org> writes:
> On Thu, Feb 07, 2019 at 10:53:13PM +1100, Michael Ellerman wrote:
>> Chandan reported that fstests' generic/026 test hit a crash:
>
>> The instruction dump decodes as:
>>   subfic  r6,r5,8
>>   rlwinm  r6,r6,3,0,28
>>   ldbrx   r9,0,r3
>>   ldbrx   r10,0,r4	<-
>> 
>> Which shows us doing an 8 byte load from c00000062ac3fff9, which
>> crosses the page boundary at c00000062ac40000 and faults.
>> 
>> It's not OK for memcmp to read past the end of the source or
>> destination buffers.
>
> It's not okay to access memory pages unsolicited.  Reading past the end
> is fine per se.

Yeah I guess that's true.

Things like KASAN/valgrind probably disagree, but KASAN at least
overrides memcmp AIUI.

I guess I feel better about it not reading past the end of the buffers,
but maybe I'm being paranoid.

The other complication is we support multiple page sizes, so detecting a
page boundary is more complicated than it could be.

So I guess I'm inclined to stick with this approach, but I can update
the change log.

cheers
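
The two options discussed in this message, as an added C example that is not part of the thread, the patch, or the kernel's assembly: a check for whether a load crosses a page boundary, and a tail compare that never reads past the end, exercised against an inaccessible guard page. The function names are hypothetical, and the 4 KiB and 64 KiB page sizes used with it are assumed sample values; the address is the one from the report.

```c
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std modes */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* 1 if a len-byte load at addr touches two pages. page_size is a power of
 * two and is a parameter because more than one page size is in use. */
static int load_crosses_page(uint64_t addr, size_t len, uint64_t page_size)
{
    uint64_t mask = ~(page_size - 1);
    return len != 0 && (addr & mask) != ((addr + len - 1) & mask);
}

/* Compare the last n (< 8) bytes without touching byte n or beyond.
 * Bytes are packed most-significant first so the integer comparison
 * orders the buffers the same way memcmp does. */
static int tail_cmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    uint64_t va = 0, vb = 0;
    for (size_t i = 0; i < n; i++) {
        va = (va << 8) | a[i];
        vb = (vb << 8) | b[i];
    }
    return (va > vb) - (va < vb);
}

/* Constructed harness: copy x and y so each ends flush against a PROT_NONE
 * page, then compare. Any read past the end would fault. -2 = setup error. */
static int guarded_tail_cmp(const void *x, const void *y, size_t n)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *m = mmap(NULL, 4 * ps, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -2;
    memcpy(m + ps - n, x, n);          /* buffer a ends at the page 0/1 boundary */
    memcpy(m + 3 * ps - n, y, n);      /* buffer b ends at the page 2/3 boundary */
    int r = -2;
    if (!mprotect(m + ps, ps, PROT_NONE) && !mprotect(m + 3 * ps, ps, PROT_NONE))
        r = tail_cmp(m + ps - n, m + 3 * ps - n, n);
    munmap(m, 4 * ps);
    return r;
}
```

Calling `load_crosses_page(0xc00000062ac3fff9ULL, 8, 65536)` reproduces the reported case: the 8-byte load ends at c00000062ac40000, one byte into the next page, while a 7-byte access from the same address stays within the page.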
    
    