| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Apr 2007 10:14:58 +0200 From: Eric Dumazet <dada1@...mosbay.com> To: Nick Piggin <nickpiggin@...oo.com.au> Cc: Andrew Morton <akpm@...ux-foundation.org>, Dave Jones <davej@...hat.com>, Ulrich Drepper <drepper@...il.com>, Ingo Molnar <mingo@...e.hu>, Andi Kleen <ak@...e.de>, Ravikiran G Thirumalai <kiran@...lex86.org>, "Shai Fultheim (Shai@...lex86.org)" <shai@...lex86.org>, pravin b shelar <pravin.shelar@...softinc.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH, take4] FUTEX : new PRIVATE futexes On Wed, 11 Apr 2007 17:22:57 +1000 Nick Piggin <nickpiggin@...oo.com.au> wrote: > Eric Dumazet wrote: > > On Sat, 07 Apr 2007 19:30:14 +1000 > > Nick Piggin <nickpiggin@...oo.com.au> wrote: > > > > > >>Eric Dumazet wrote: > > > > > > > >>>- Current mm code have a problem with 64bit futexes, as spoted by Nick : > >>> > >>>get_futex_key() does a check against sizeof(u32) regardless of futex being 64bits or not. > >>>So it is possible a 64bit futex spans two pages of memory... > >>>I had to change get_futex_key() prototype to be able to do a correct test. > >> > >>I wonder if it should be encfocing alignment to keep in on 1 page? > > > > > > I believe I just did that :) > > Yes :P What I was trying to say before jumping on a plane is that > sys_futex/sys_futex64 calls should each check their own address alignment, so > the deeper parts of the call stack always know alignment is correct. > > This will remove all the fsize you pass around, and also sanitise the userspace > argument much higher in the call stack, which is very preferable and more > conventional. > > Maybe this isn't possible (it's very obvious, so there may be a good reason it > hasn't been done). I had this idea as well, but considering get_futex_key() is exported in include/linux/futex.h, I believe some out-of tree thing is using it. As this external thing certainly is not doing the check itself, to be on the safe side we should enforce it in get_futex_key(). I agree with you : If we want to maximize performance, we could say : The check *must* be done by the caller. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists