lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 25 Jan 2010 20:00:04 +0000
From:	Russell King - ARM Linux <linux@....linux.org.uk>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	anfei <anfei.zhou@...il.com>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	Jamie Lokier <jamie@...reable.org>,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] Flush dcache before writing into page to avoid alias

On Mon, Jan 25, 2010 at 11:58:14AM -0800, Andrew Morton wrote:
> On Mon, 25 Jan 2010 21:33:08 +0800 anfei <anfei.zhou@...il.com> wrote:
> 
> > Hi Andrew,
> > 
> > On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
> > > The cache alias problem will happen if the changes of user shared mapping
> > > is not flushed before copying, then user and kernel mapping may be mapped
> > > into two different cache line, it is impossible to guarantee the coherence
> > > after iov_iter_copy_from_user_atomic.  So the right steps should be:
> > > 	flush_dcache_page(page);
> > > 	kmap_atomic(page);
> > > 	write to page;
> > > 	kunmap_atomic(page);
> > > 	flush_dcache_page(page);
> > > More precisely, we might create two new APIs flush_dcache_user_page and
> > > flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
> > > 
> > > Here is a snippet tested on omap2430 with VIPT cache, and I think it is
> > > not ARM-specific:
> > > 	int val = 0x11111111;
> > > 	fd = open("abc", O_RDWR);
> > > 	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
> > > 	*(addr+0) = 0x44444444;
> > > 	tmp = *(addr+0);
> > > 	*(addr+1) = 0x77777777;
> > > 	write(fd, &val, sizeof(int));
> > > 	close(fd);
> > > The results are not always 0x11111111 0x77777777 at the beginning as expected.
> > > 
> > Is this a real bug or not necessary to support?
> 
> Bug.  If variable `addr' has type int* then the contents of that file
> should be 0x11111111 0x77777777.  You didn't tell us what the contents
> were in the incorrect case, but I guess it doesn't matter.

FYI, from a previous email from anfei:

0x44444444 0x77777777
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ