lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 7 Oct 2010 18:03:41 +0200
From:	Gleb Natapov <gleb@...antech.com>
To:	Marcelo Tosatti <mtosatti@...hat.com>
Cc:	Avi Kivity <avi@...hat.com>, Gleb Natapov <gleb@...hat.com>,
	kvm@...r.kernel.org, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org, mingo@...e.hu,
	a.p.zijlstra@...llo.nl, tglx@...utronix.de, hpa@...or.com,
	riel@...hat.com, cl@...ux-foundation.org
Subject: Re: [PATCH v6 04/12] Add memory slot versioning and use it to
 provide fast guest write interface

On Thu, Oct 07, 2010 at 12:42:48PM -0300, Marcelo Tosatti wrote:
> On Thu, Oct 07, 2010 at 12:00:13PM +0200, Avi Kivity wrote:
> >  On 10/06/2010 10:08 PM, Gleb Natapov wrote:
> > >>  Malicious userspace can cause entry to be cached, ioctl
> > >>  SET_USER_MEMORY_REGION 2^32 times, generation number will match,
> > >>  mark_page_dirty_in_slot will be called with pointer to freed memory.
> > >>
> > >Hmm. To zap all cached entires on overflow we need to track them. If we
> > >will track then we can zap them on each slot update and drop "generation"
> > >entirely.
> > 
> > To track them you need locking.
> > 
> > Isn't SET_USER_MEMORY_REGION so slow that calling it 2^32 times
> > isn't really feasible?
> 
> Assuming it takes 1ms, it would take 49 days.
> 
We may fail ioctl when max value is reached. The question is how much slot
changes can we expect from real guest during its lifetime.

> > In any case, can use u64 generation count.
> 
> Agree.
Yes, 64 bit ought to be enough for anybody.

--
			Gleb.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ