lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 9 Jan 2018 08:15:44 +0300
From:   Yury Norov <ynorov@...iumnetworks.com>
To:     Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:     linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Ben Hutchings <ben@...adent.org.uk>,
        David Decotigny <decot@...glers.com>,
        "David S . Miller" <davem@...emloft.net>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        Matthew Wilcox <mawilcox@...rosoft.com>
Subject: Re: [PATCH 1/2] bitmap: new bitmap_copy_safe and
 bitmap_{from,to}_arr32

On Tue, Jan 09, 2018 at 12:29:23AM +0100, Rasmus Villemoes wrote:
> On 28 December 2017 at 16:00, Yury Norov <ynorov@...iumnetworks.com> wrote:
> >
> > In this patch, bitmap_copy_safe and bitmap_{from,to}_arr32 are introduced.
> >
> > 'Safe' in bitmap_copy_safe() stands for clearing unused bits in bitmap
> > beyond last bit till the end of last word. It is useful for hardening
> > API when bitmap is assumed to be exposed to userspace.
> 
> I agree completely with getting rid of the complexity of the u32array
> functions, and also think they should simply be implemented as a
> memcpy() when possible.
> 
> I'm not a fan of the _safe suffix, though. It doesn't say what it's
> safe from. For example, one possible interpretation is that it allows
> src or dst to be NULL (becoming a noop in such a case). Why not say
> what it does? _clear_tail, _clear_rest, something like that.

OK, _clear_tail sounds good. I have to send v2 anyway because there's
new driver coming that uses u32array, and I'll also do rename.
https://www.spinics.net/lists/arm-kernel/msg627220.html

> Or maybe,
> can we simply make bitmap_copy behave that way? Hm, probably not, a
> bit too many users to check they'd all be ok with that.

Yep, and there's explicit comment in lib/bitmap.c:
 * The possible unused bits in the last, partially used word
 * of a bitmap are 'don't care'.  The implementation makes
 * no particular effort to keep them zero.  It ensures that
 * their value will not affect the results of any operation.
 * The bitmap operations that return Boolean (bitmap_empty,
 * for example) or scalar (bitmap_weight, for example) results
 * carefully filter out these unused bits from impacting their
 * results.

Changing this may potentially affect performance, and anyway, too
revolutionary to me.

Yury

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ