| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Oct 2011 21:34:17 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Srikar Dronamraju <srikar@...ux.vnet.ibm.com> Cc: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...e.hu>, Steven Rostedt <rostedt@...dmis.org>, Linux-mm <linux-mm@...ck.org>, Arnaldo Carvalho de Melo <acme@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Hugh Dickins <hughd@...gle.com>, Christoph Hellwig <hch@...radead.org>, Andi Kleen <andi@...stfloor.org>, Thomas Gleixner <tglx@...utronix.de>, Jonathan Corbet <corbet@....net>, Andrew Morton <akpm@...ux-foundation.org>, Jim Keniston <jkenisto@...ux.vnet.ibm.com>, Roland McGrath <roland@...k.frob.com>, Ananth N Mavinakayanahalli <ananth@...ibm.com>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v5 3.1.0-rc4-tip 26/26] uprobes: queue signals while thread is singlestepping. On 10/12, Srikar Dronamraju wrote: > > I think we should be okay if the test exits in UTASK_SSTEP state. Yes, and afaics we can't avoid this case, at least currently. But we should move free_uprobe_utask() to mm_release(), or somewhere else before mm->core_state check in exit_mm(). My main concern is stop/freeze in UTASK_SSTEP state. If nothing else, debugger can attach to the stopped task and disable the stepping. Or SIGKILL, it should work in this case. > > Great. I'll think a bit more and send you the "final" version tomorrow. > > Assuming we can change sstep_complete() as we discussed, it doesn't need > > fatal_signal_pending(). > > Okay. Sorry. I was busy today. Tomorrow ;) > > HOWEVER. There is yet another problem. Another thread can, say, unmap() > > xol_vma. In this case we should ensure that the task can't fault in an > > endless loop. > > Hmm should we add a check in unmap() to see if the vma that we are > trying to unmap is the xol_vma and if so return? Oh, I am not sure. You know, I _think_ that perhaps we should do something diferent in the long term. In particular, this xol page should not have vma at all. This way we shouldn't worry about unmap/remap/mprotect. But even if this is possible (I am not really sure), I do not think we should do this right now. > Our assumption has been that once an xol_vma has been created, it should > be around till the process gets killed. Yes, I see. But afaics this assumption is currently wrong. This means that we should ensure the evil application can't exploit this fact. Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists