lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 27 Jan 2010 22:59:59 +0100
From:	Sebastian Andrzej Siewior <sebastian@...akpoint.cc>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Russell King - ARM Linux <linux@....linux.org.uk>,
	anfei <anfei.zhou@...il.com>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	Jamie Lokier <jamie@...reable.org>,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] Flush dcache before writing into page to avoid alias

* Russell King - ARM Linux | 2010-01-25 20:00:04 [+0000]:

>On Mon, Jan 25, 2010 at 11:58:14AM -0800, Andrew Morton wrote:
>> On Mon, 25 Jan 2010 21:33:08 +0800 anfei <anfei.zhou@...il.com> wrote:
>> 
>> > Hi Andrew,
>> > 
>> > On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
>> > > The cache alias problem will happen if the changes of user shared mapping
>> > > is not flushed before copying, then user and kernel mapping may be mapped
>> > > into two different cache line, it is impossible to guarantee the coherence
>> > > after iov_iter_copy_from_user_atomic.  So the right steps should be:
>> > > 	flush_dcache_page(page);
>> > > 	kmap_atomic(page);
>> > > 	write to page;
>> > > 	kunmap_atomic(page);
>> > > 	flush_dcache_page(page);
>> > > More precisely, we might create two new APIs flush_dcache_user_page and
>> > > flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
>> > > 
>> > > Here is a snippet tested on omap2430 with VIPT cache, and I think it is
>> > > not ARM-specific:
>> > > 	int val = 0x11111111;
>> > > 	fd = open("abc", O_RDWR);
>> > > 	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
>> > > 	*(addr+0) = 0x44444444;
>> > > 	tmp = *(addr+0);
>> > > 	*(addr+1) = 0x77777777;
>> > > 	write(fd, &val, sizeof(int));
>> > > 	close(fd);
>> > > The results are not always 0x11111111 0x77777777 at the beginning as expected.
>> > > 
>> > Is this a real bug or not necessary to support?
>> 
>> Bug.  If variable `addr' has type int* then the contents of that file
>> should be 0x11111111 0x77777777.  You didn't tell us what the contents
>> were in the incorrect case, but I guess it doesn't matter.
>
>FYI, from a previous email from anfei:
>
>0x44444444 0x77777777

I just wanted to query what the status of this patch is. This patch
seems to fix a real bug which causes a test suite to fail on ARM [0].
The test suite passes on my VIVT ARM with this patch.

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524003

Sebastian
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ