<div dir="ltr"><div><div>Thanks for the hints Valdis.<br></div><br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-09-07 18:48 GMT+02:00 <span dir="ltr"><<a href="mailto:Valdis.Kletnieks@vt.edu" target="_blank">Valdis.Kletnieks@vt.edu</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On Wed, 07 Sep 2016 15:47:30 +0200, Oscar Salvador said:<br>
<br>
> You are right regarding security stuff, but was not my will either<br>
> bypassing memory protections or crashing the system.<br>
<br>
</span>Never said that was your intent. The problem is that given that tool, some<br>
other person can abuse your module with that intent.<br>
<span class="gmail-"><br>
> - I write a user program which allocates a buffer, then writes something to<br>
> it and calls a my module via read/write<br>
<br>
</span>OK, I'll bite - how are you hooking the read/write syscalls to code in your<br>
module? Via a pseudo-device and a struct *file_ops that points at your code?<br></blockquote><div><br></div><div>I'm dealing with it with ioctls.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Oh - while you're at it, make sure your code deals properly with buffers that<br>
cross page boundaries (for instance, a 512 byte buffer that starts at 3840<br>
bytes into a 4K page, and ends 256 bytes into the next page - particularly<br>
fun if the next page is either non-existent or paged out to swap. There's<br>
reasons why the code in copy_(to|from)_user() is ugly...<br></blockquote><div><br></div><div>Taken the struct vm_area_struct and the field vm_start<br><br></div><div>Are the first 4096 bytes from vm_start stored in one page, the next 4096 in another page and so on? (talking about 4k pages)<br></div><div>I'm asking that because in that case is easy to find out how many pages should I read (just in case a buffer is close to the end of a page and follows on the next page).<br><br><br></div><div><br></div><div> </div></div><br></div></div>