lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 13 Jun 2016 16:00:53 +0200
From:	Michal Hocko <mhocko@...nel.org>
To:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc:	mst@...hat.com, vdavydov@...tuozzo.com, akpm@...ux-foundation.org,
	rientjes@...gle.com, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] exit: clear TIF_MEMDIE after exit_task_work

On Mon 13-06-16 22:52:43, Tetsuo Handa wrote:
> Michal Hocko wrote:
> > I have checked the vnet code and it doesn't seem to rely on
> > copy_from_user/get_user AFAICS. Other users of use_mm() need to copy to
> > the userspace only as well. So we should be perfectly safe to OOM reap
> > address space even when it is shared by the kthread [1] so this is
> > not really needed for the OOM correctness purpose. It would be much
> > nicer if the kthread didn't pin the mm for two long outside of the OOM
> > handling as well of course but that lowers the priority of the change.
> > 
> > [1] http://lkml.kernel.org/r/20160613112348.GC6518@dhcp22.suse.cz
> 
> It seems to me that vhost code relies on copy from the userspace.
> 
> use_mm(dev->mm) and unuse_mm(dev->mm) are used inside vhost_worker().
> work->fn(work) is initialized by vhost_work_init().
> vhost_scsi_open() passes vhost_scsi_complete_cmd_work() and
> vhost_scsi_evt_work() as ->fn, and both functions call __get_user().
> 
> vhost_scsi_complete_cmd_work() {
>   vhost_signal() {
>     vhost_notify() {
>       __get_user()
>     }
>   }
> }
> 
> vhost_scsi_evt_work() {
>   vhost_scsi_do_evt_work() {
>     vhost_get_vq_desc() {
>       __get_user() / __copy_from_user()
>       get_indirect() {
>         copy_from_iter()
>       }
>     }
>   }
> }

Ahh, I've missed those. Thanks for pointing this out! Let me try to find
out whether the code is robust to see unexpected 0 when reading from the
userspace.

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ