lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 8 Sep 2015 17:52:23 +0800
From:	Xishi Qiu <qiuxishi@...wei.com>
To:	Andrey Ryabinin <ryabinin.a.a@...il.com>
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	Andrey Konovalov <adech.fo@...il.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Michal Marek <mmarek@...e.cz>, Linux MM <linux-mm@...ck.org>,
	LKML <linux-kernel@...r.kernel.org>, <zhongjiang@...wei.com>
Subject: Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()

On 2015/9/8 17:49, Xishi Qiu wrote:

> On 2015/9/8 17:36, Andrey Ryabinin wrote:
> 
>> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@...wei.com>:
>>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>>> it calculates wrong, so fix it.
>>>
>>
>> Please, be more specific. Describe what is wrong with the current code and why,
>> what's the effect of this bug and how you fixed it.
>>
>>
> 
> If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
> So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
> The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.

Sorry, a mistake, The code "if (likely(!last_byte))" is wrong judgement.

> e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
> continue to call "return memory_is_poisoned_1(addr + 15);"
> 
> Thanks,
> Xishi Qiu
> 
>>> Signed-off-by: Xishi Qiu <qiuxishi@...wei.com>
>>> ---
>>>  mm/kasan/kasan.c |    3 +--
>>>  1 files changed, 1 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>>> index 7b28e9c..8da2114 100644
>>> --- a/mm/kasan/kasan.c
>>> +++ b/mm/kasan/kasan.c
>>> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>>>
>>>         if (unlikely(*shadow_addr)) {
>>>                 u16 shadow_first_bytes = *(u16 *)shadow_addr;
>>> -               s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>>>
>>>                 if (unlikely(shadow_first_bytes))
>>>                         return true;
>>>
>>> -               if (likely(!last_byte))
>>> +               if (likely(IS_ALIGNED(addr, 8)))
>>>                         return false;
>>>
>>>                 return memory_is_poisoned_1(addr + 15);
>>> --
>>> 1.7.1
>>>
>>>
>>
>> .
>>
> 
> 



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ