| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 01 Mar 2015 14:57:07 +1100 From: Benjamin Herrenschmidt <benh@...nel.crashing.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: "linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, linux-mm <linux-mm@...ck.org> Subject: Re: Generic page fault (Was: libsigsegv ....) On Sat, 2015-02-28 at 16:41 -0800, Linus Torvalds wrote: > On Sat, Feb 28, 2015 at 3:02 PM, Benjamin Herrenschmidt > <benh@...nel.crashing.org> wrote: > > > > Anyway, here's the current patch: > > Ok, I think I like this approach better. > > Your FAULT_FLAG_EXEC handling is wrong, though. It shouldn't check > VM_WRITE, it should check VM_EXEC. A bit too much copy-paste ;) Ah yes indeed :) I would have caught that pretty quickly once I tried powerpc. > Btw, it's quite possible that we could just do all the PF_PROT > handling at the x86 level, before even calling the generic fault > handler. It's not like we even need the vma or the mm semaphore: if > it's a non-write protection fault, we always SIGSEGV. So why even > bother getting the locks and looking up the page tables etc? For non-write possibly, though that means we always end up going through handle_mm_fault for a non-present PTE before we decide that it wasn't actually accessible. Not a huge deal I suppose unless something (ab)uses mprotect + emulation for things like spying on MMIO accesses (been there) or god knows what other userspace based paging or GC might be out there. It's asking for trouble but the check in access_error() doesn't hurt much either. On the other hand, we are all about simplifying code here, aren't we ? :-) It's not like the early bail-out on x86 will buy us much and it's going to be more arch specific code since they'll all have a different variant of PF_PROT. One thing that worries me a bit, however, with the PF_PROT handling in the generic case is the case of archs who support present-but-not-accessible PTEs in "HW" (for us that basically means no _PAGE_USER), as these might use such fault for NUMA balancing, or software maintained "young" bit, and in those case, bailing out on PF_PROT is wrong. I'll have to figure out if that ever happens when I dig through more archs. > Now, that PF_PROT handling isn't exactly performance-critical, but it > might help to remove the odd x86 special case from the generic code. I don't think it's that odd on x86. If you look at what other archs do, there's a bit of everything out there. Just powerpc may or may not support exec permission for example depending on the CPU generation and when it doesn't it's basically similar to x86. I yet have to fully understand what ARM does (looks simple, just need to make sure it's what I think it is and check various ARM generations), sparc has its oddities, etc... None of that is terribly urgent and I'm pretty busy so give me a bit more time now that we have some kind of direction, to go through a few more archs and see where it takes us. I'll start gathering cross compilers and qemu debian images in the next few days. Cheers, Ben. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists