lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 03 May 2016 00:23:06 +0800
From:	Chen Gang <chengang@...ndsoft.com.cn>
To:	Alexander Potapenko <glider@...gle.com>
CC:	Dmitry Vyukov <dvyukov@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andrey Ryabinin <aryabinin@...tuozzo.com>,
	kasan-dev <kasan-dev@...glegroups.com>,
	LKML <linux-kernel@...r.kernel.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	Chen Gang <gang.chen.5i5j@...il.com>
Subject: Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()

On 5/2/16 23:35, Alexander Potapenko wrote:
> On Mon, May 2, 2016 at 5:13 PM, Chen Gang <chengang@...ndsoft.com.cn> wrote:
>>
>> OK. But it does not look quite easy to use kasan_disable_current() for
>> INIT_KASAN which is used in INIT_TASK.
>>
>> If we have to set "kasan_depth == 1", we have to use kasan_depth-- in
>> kasan_enable_current().
> Agreed, decrementing the counter in kasan_enable_current() is more natural.
> I can fix this together with the comments.

OK, thanks. And need I also send patch v2 for include/linux/kasan.h? (or
you will fix them together).

>>
>> If we don't prevent the overflow, it will have negative effect with the
>> caller. When we issue an warning, it means the caller's hope fail, but
>> can not destroy the caller's original work. In our case:
>>
>>  - Assume "kasan_depth-- for kasan_enable_current()", the first enable
>>    will let kasan_depth be 0.
> Sorry, I'm not sure I follow.
> If we start with kasan_depth=0 (which is the default case for every
> task except for the init, which also gets kasan_depth=0 short after
> the kernel starts),
> then the first call to kasan_disable_current() will make kasan_depth
> nonzero and will disable KASAN.
> The subsequent call to kasan_enable_current() will enable KASAN back.
> 
> There indeed is a problem when someone calls kasan_enable_current()
> without previously calling kasan_disable_current().
> In this case we need to check that kasan_depth was zero and print a
> warning if it was.
> It actually does not matter whether we modify kasan_depth after that
> warning or not, because we are already in inconsistent state.
> But I think we should modify kasan_depth anyway to ease the debugging.
> 

For me, BUG_ON() will be better for debugging, but it is really not well
for using.  For WARN_ON(), it already print warnings, so I am not quite
sure "always modifying kasan_depth will be ease the debugging".

When we are in inconsistent state, for me, what we can do is:

 - Still try to do correct things within our control: "when the caller
   make a mistake, if kasan_enable_current() notices about it, it need
   issue warning, and prevent itself to make mistake (causing disable).

 - "try to let negative effect smaller to user", e.g. let users "loose
   hope" (call enable has no effect) instead of destroying users'
   original work (call enable, but get disable).

Thanks.
-- 
Chen Gang (陈刚)

Managing Natural Environments is the Duty of Human Beings.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ