[LTP] [PATCH] syscalls/statmount07: drop "invalid buffer size" test

Cyril Hrubis chrubis@suse.cz
Tue Oct 15 12:59:56 CEST 2024


Hi!
> > > This check relies on access_ok() check, which can be skipped
> > > on some arches/configs, for example on s390x with
> > > CONFIG_ALTERNATE_USER_ADDRESS_SPACE=y. Test then fails with:
> > >   statmount07.c:117: TFAIL: invalid buffer size succeeded
> >
> > And does it fail later on in the copy_to_user() if the buffer is
> > physically not accessible?
> >
> > We may add a test that would look like:
> >
> > | page mapped rw | page mapped read only |
> >              ^
> >              buf pointer starts here
> >
> > What do you think?
> 
> we can add that, it would be variation of "invalid buffer pointer" test

Looking at kernel __check_object_size() there seems to be a special case
for a NULL pointer in check_bogus_address(). The part that would check
if the page is writeable is done later. There are some checks in
check_heap_object() but I'm not 100% sure what these do. If I'm reading
it right it will abort the operation if the memory is not one continuous
vma, which is probably the case if we have two pages with different
access next to each other.

It may be interesting to go over the copy_to_user() code with someone
who understands mm and find a few cases to test.

-- 
Cyril Hrubis
chrubis@suse.cz
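
The buffer layout sketched in the quoted proposal, as an added example (not LTP code and not part of this thread). It assumes Linux and uses uname(2) as a stand-in for statmount(), since both copy a result to a user buffer; the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Map two adjacent pages, first read-write, second read-only.
 * Returns the address of the boundary between them, or NULL. */
static char *map_rw_ro_boundary(long pg)
{
	char *base = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

	if (base == MAP_FAILED)
		return NULL;
	/* Changing protection on the second page splits the mapping in two. */
	if (mprotect(base + pg, pg, PROT_READ)) {
		munmap(base, 2 * pg);
		return NULL;
	}
	return base + pg;
}

/* Ask the kernel to fill a struct utsname that starts `before` bytes
 * ahead of the rw|ro boundary (uname is an assumed stand-in syscall).
 * Returns 0 on success, the errno on failure, -1 if setup failed. */
int uname_near_boundary(size_t before)
{
	long pg = sysconf(_SC_PAGESIZE);
	char *edge;
	int ret;

	if (pg <= 0 || before > (size_t)pg)
		return -1;
	edge = map_rw_ro_boundary(pg);
	if (!edge)
		return -1;
	ret = uname((struct utsname *)(edge - before)) ? errno : 0;
	munmap(edge - pg, 2 * pg);
	return ret;
}

int main(void)
{
	size_t sz = sizeof(struct utsname);

	printf("fits in rw page: %d\n", uname_near_boundary(sz));
	printf("straddles rw|ro: %d\n", uname_near_boundary(sz / 2));
	printf("starts in ro:    %d\n", uname_near_boundary(0));
	return 0;
}
```

The straddling case is the one drawn in the diagram: the pointer itself is valid and writable, so the failure can only come from the copy to user space, not from a check on the start address.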

