| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 07 Jun 2011 12:01:35 -0700 From: Darren Hart <dvhart@...ux.intel.com> To: Andrew Lutomirski <luto@....edu> CC: Eric Dumazet <eric.dumazet@...il.com>, Peter Zijlstra <peterz@...radead.org>, David Oliver <david@...advisors.com>, linux-kernel@...r.kernel.org, Shawn Bohrer <sbohrer@...advisors.com>, Zachary Vonler <zvonler@...advisors.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, Hugh Dickins <hughd@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu> Subject: Re: Change in functionality of futex() system call. On 06/07/2011 11:43 AM, Andrew Lutomirski wrote: > On Tue, Jun 7, 2011 at 11:58 AM, Eric Dumazet <eric.dumazet@...il.com> wrote: >> Le mardi 07 juin 2011 à 10:44 -0400, Andy Lutomirski a écrit : >>> On 06/06/2011 11:13 PM, Darren Hart wrote: >>>> >>>> >>>> On 06/06/2011 11:11 AM, Eric Dumazet wrote: >>>>> Le lundi 06 juin 2011 à 10:53 -0700, Darren Hart a écrit : >>>>>> >>>>> >>>>>> If I understand the problem correctly, RO private mapping really doesn't >>>>>> make any sense and we should probably explicitly not support it, while >>>>>> special casing the RO shared mapping in support of David's scenario. >>>>>> >>>>> >>>>> We supported them in 2.6.18 kernels, apparently. This might sounds >>>>> stupid but who knows ? >>>> >>>> >>>> I guess this is actually the key point we need to agree on to provide a >>>> solution. This particular case "worked" in 2.6.18 kernels, but that >>>> doesn't necessarily mean it was supported, or even intentional. >>>> >>>> It sounds to me that we agree that we should support RO shared mappings. >>>> The question remains about whether we should introduce deliberate >>>> support of RO private mappings, and if so, if the forced COW approach is >>>> appropriate or not. >>>> >>> >>> I disagree. >>> >>> FUTEX_WAIT has side-effects. Specifically, it eats one wakeup sent by >>> FUTEX_WAKE. So if something uses futexes on a file mapping, then a >>> process with only read access could (if the semantics were changed) DoS >>> the other processes by spawning a bunch of threads and FUTEX_WAITing >>> from each of them. >>> >>> If there were a FUTEX_WAIT_NOCONSUME that did not consume a wakeup and >>> worked on RO mappings, I would drop my objection. >> >> If a group of cooperating processes uses a memory segment to exchange >> critical information, do you really think this memory segment will be >> readable by other unrelated processes on the machine ? > > Depends on the design. > > I have some software I'm working on that uses shared files and could > easily use futexes. I don't want random read-only processes to > interfere with the futex protocol. So don't use world readable files. >> >> How is this related to futex code ? > > Because this usage is currently safe and would become unsafe with the > proposed change. > >> >> Same problem for legacy IPC (shm, msg, sem) : Appropriate protections >> are needed, obviously. >> >> BTW, kernel/futex.c uses a global hash table (futex_queues[256]) and a >> very predictable hash_futex(), so its easy to slow down futex users... > > There's a difference between slowing down users by abusing a kernel > hash and deadlocking users by eating a wakeup. (If you eat a wakeup > the wakeup won't magically come back later. It's gone.) That's the nature of SHARED, you have to protect the mapping independent of the futex mechanism. -- Darren Hart Intel Open Source Technology Center Yocto Project - Linux Kernel -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists