From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <barebox-bounces+u.kleine-koenig=pengutronix.de@lists.infradead.org>
Received: from mail-pg1-x541.google.com ([2607:f8b0:4864:20::541])
 by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux))
 id 1goNJy-0005Hh-H0
 for barebox@lists.infradead.org; Tue, 29 Jan 2019 06:56:42 +0000
Received: by mail-pg1-x541.google.com with SMTP id j10so8373380pga.1
 for <barebox@lists.infradead.org>; Mon, 28 Jan 2019 22:56:34 -0800 (PST)
From: Andrey Smirnov <andrew.smirnov@gmail.com>
Date: Mon, 28 Jan 2019 22:55:47 -0800
Message-Id: <20190129065549.29161-18-andrew.smirnov@gmail.com>
In-Reply-To: <20190129065549.29161-1-andrew.smirnov@gmail.com>
References: <20190129065549.29161-1-andrew.smirnov@gmail.com>
MIME-Version: 1.0
List-Id: <barebox.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/barebox>,
 <mailto:barebox-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/barebox/>
List-Post: <mailto:barebox@lists.infradead.org>
List-Help: <mailto:barebox-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/barebox>,
 <mailto:barebox-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "barebox" <barebox-bounces@lists.infradead.org>
Errors-To: barebox-bounces+u.kleine-koenig=pengutronix.de@lists.infradead.org
Subject: [PATCH v2 17/19] commands: md: Do not use memmap()
To: barebox@lists.infradead.org
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>

Codepaths using memmap() in md.c don't do any boundary checks, so it
can be easily made to read past the underlying file's
boundary. For example on i.MX8MQ based board with 4GiB or RAM we get:

md -b -s /dev/ram0 0xfffffff0
fffffff0: 00 00 00 00 00 00 08 0c  00 02 20 00 20 00 05 20   .......... . ..
100000000: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000010: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000020: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000030: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000040: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000050: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000060: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000070: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000080: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
100000090: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
1000000a0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
1000000b0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
1000000c0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
1000000d0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................
1000000e0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx  ................

Drop the memmap() realted codepath, so we can realy on boundary
checking done by file I/O layer.

Note that this change has a cosmetic side effect, before:

md -b 0x7ffffffffffffffff000
7ffffffffffff000: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff010: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff020: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff030: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff040: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff050: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff060: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff070: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff080: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff090: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff0a0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff0b0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff0c0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff0d0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff0e0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................
7ffffffffffff0f0: xx xx xx xx xx xx xx xx  xx xx xx xx xx xx xx xx     ................

after:

md -b 0x7ffffffffffffffff000
7ffffffffffff000: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff010: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff020: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff030: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff040: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff050: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff060: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff070: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff080: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff090: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff0a0: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff0b0: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff0c0: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff0d0: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff0e0: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................
7ffffffffffff0f0: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff     ................

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
---
 commands/md.c      | 8 --------
 drivers/misc/mem.c | 2 +-
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/commands/md.c b/commands/md.c
index 2389c12d1..507823c67 100644
--- a/commands/md.c
+++ b/commands/md.c
@@ -43,7 +43,6 @@ static int do_mem_md(int argc, char *argv[])
 	char *filename = "/dev/mem";
 	int mode = O_RWSIZE_4;
 	int swab = 0;
-	void *map;
 	void *buf = NULL;
 
 	if (argc < 2)
@@ -66,13 +65,6 @@ static int do_mem_md(int argc, char *argv[])
 	if (fd < 0)
 		return 1;
 
-	map = memmap(fd, PROT_READ);
-	if (map != MAP_FAILED) {
-		ret = memory_display(map + start, start, size,
-				mode >> O_RWSIZE_SHIFT, swab);
-		goto out;
-	}
-
 	buf = xmalloc(RW_BUF_SIZE);
 
 	do {
diff --git a/drivers/misc/mem.c b/drivers/misc/mem.c
index 60981a3e9..2f3316307 100644
--- a/drivers/misc/mem.c
+++ b/drivers/misc/mem.c
@@ -8,7 +8,7 @@
 #include <init.h>
 
 static struct cdev_operations memops = {
-	.read  = mem_read,
+	.read  = mem_read_nofail,
 	.write = mem_write,
 	.memmap = generic_memmap_rw,
 };
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox