* [Bug runtime/6697] New: need more access_ok() checks in runtime/tapsets
From: fche at redhat dot com @ 2008-06-25 20:55 UTC (permalink / raw)
To: systemtap
Each user_*() tapset call in conversions.stp should set_fs(USER_DS) and restore it;
Each user/kernel_*() tapset or runtime type call should check the pointers with
access_ok(), redundantly if necessary.
See also bug #1288, which could be started upon with an access_ok()-based
address filtering function.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=452759
--
Summary: need more access_ok() checks in runtime/tapsets
Product: systemtap
Version: unspecified
Status: NEW
Severity: critical
Priority: P2
Component: runtime
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: fche at redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=6697
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
* [Bug runtime/6697] need more access_ok() checks in runtime/tapsets
From: mhiramat at redhat dot com @ 2008-06-25 23:57 UTC (permalink / raw)
To: systemtap
------- Additional Comments From mhiramat at redhat dot com 2008-06-25 20:04 -------
On ia64, access_ok() is defined as below:

#define __access_ok(addr, size, segment)                                        \
({                                                                              \
        __chk_user_ptr(addr);                                                   \
        (likely((unsigned long) (addr) <= (segment).seg)                        \
         && ((segment).seg == KERNEL_DS.seg                                     \
             || likely(REGION_OFFSET((unsigned long) (addr)) < RGN_MAP_LIMIT))); \
})
#define access_ok(type, addr, size)     __access_ok((addr), (size), get_fs())

and KERNEL_DS.seg = 0xffffffffffffffff
This means, if we set segment=KERNEL_DS, access_ok() always returns 1. :-(
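
A user-space model of the check quoted above, added here as an example and not part of the original thread or of the kernel or SystemTap sources: it shows that the ia64 access_ok() filters nothing while the segment is KERNEL_DS, and how the set_fs(USER_DS)-and-restore pattern asked for in the report changes the result. USER_DS_SEG, RGN_BITS, RGN_MAP_LIMIT and the sample addresses are constructed stand-ins, not real ia64 values.

```c
/* Added example: user-space model of the quoted ia64 __access_ok().
 * USER_DS_SEG, RGN_BITS, RGN_MAP_LIMIT and the addresses are constructed
 * stand-ins; only KERNEL_DS_SEG is taken from the message. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint64_t seg; } mm_segment_t;

#define KERNEL_DS_SEG 0xffffffffffffffffULL /* value given in the message */
#define USER_DS_SEG   0x9fffffffffffffffULL /* assumed user-space limit */
#define RGN_BITS      61                    /* assumed region-offset width */
#define RGN_MAP_LIMIT (1ULL << 50)          /* assumed mappable limit */
#define REGION_OFFSET(a) ((a) & ((1ULL << RGN_BITS) - 1))

static const mm_segment_t KERNEL_DS = { KERNEL_DS_SEG };
static const mm_segment_t USER_DS   = { USER_DS_SEG };
/* Model state: the segment is KERNEL_DS, the case the message describes. */
static mm_segment_t current_fs = { KERNEL_DS_SEG };

static mm_segment_t get_fs(void) { return current_fs; }
static void set_fs(mm_segment_t s) { current_fs = s; }

/* Same boolean structure as the quoted macro, minus __chk_user_ptr(). */
static int model_access_ok(uint64_t addr)
{
    mm_segment_t segment = get_fs();
    return addr <= segment.seg &&
           (segment.seg == KERNEL_DS.seg ||
            REGION_OFFSET(addr) < RGN_MAP_LIMIT);
}

/* Pattern from the report: switch to USER_DS, check, restore the old value. */
static int user_ptr_ok(uint64_t addr)
{
    mm_segment_t old = get_fs();
    set_fs(USER_DS);
    int ok = model_access_ok(addr);
    set_fs(old);
    return ok;
}

int main(void)
{
    uint64_t kaddr = 0xe000000000001000ULL; /* constructed kernel-range address */
    uint64_t uaddr = 0x2000000000001000ULL; /* constructed user-range address */
    printf("KERNEL_DS: kaddr=%d uaddr=%d\n", model_access_ok(kaddr), model_access_ok(uaddr));
    printf("USER_DS:   kaddr=%d uaddr=%d\n", user_ptr_ok(kaddr), user_ptr_ok(uaddr));
    return 0;
}
```
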
* [Bug runtime/6697] need more access_ok() checks in runtime/tapsets
From: mhiramat at redhat dot com @ 2008-06-26 15:13 UTC (permalink / raw)
To: systemtap
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mhiramat at redhat dot com
* [Bug runtime/6697] need more access_ok() checks in runtime/tapsets
From: fche at redhat dot com @ 2013-01-17 16:16 UTC (permalink / raw)
To: systemtap
http://sourceware.org/bugzilla/show_bug.cgi?id=6697
Frank Ch. Eigler <fche at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #2 from Frank Ch. Eigler <fche at redhat dot com> 2013-01-17 16:15:43 UTC ---
Recent loc2c changes do this.