| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Apr 2018 19:47:22 -0700 (PDT)
From: David Rientjes <rientjes@...gle.com>
To: Mikulas Patocka <mpatocka@...hat.com>
cc: Michal Hocko <mhocko@...nel.org>,
Matthew Wilcox <willy@...radead.org>,
David Miller <davem@...emloft.net>,
Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org,
eric.dumazet@...il.com, edumazet@...gle.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
mst@...hat.com, jasowang@...hat.com,
virtualization@...ts.linux-foundation.org, dm-devel@...hat.com,
Vlastimil Babka <vbabka@...e.cz>
Subject: Re: [PATCH v3] kvmalloc: always use vmalloc if CONFIG_DEBUG_SG
On Mon, 23 Apr 2018, Mikulas Patocka wrote:
> The kvmalloc function tries to use kmalloc and falls back to vmalloc if
> kmalloc fails.
>
> Unfortunatelly, some kernel code has bugs - it uses kvmalloc and then
> uses DMA-API on the returned memory or frees it with kfree. Such bugs were
> found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific
> code.
>
> These bugs are hard to reproduce because kvmalloc falls back to vmalloc
> only if memory is fragmented.
>
> In order to detect these bugs reliably I submit this patch that changes
> kvmalloc to fall back to vmalloc with 1/2 probability if CONFIG_DEBUG_SG
> is turned on. CONFIG_DEBUG_SG is used, because it makes the DMA API layer
> verify the addresses passed to it, and so the user will get a reliable
> stacktrace.
>
Why not just do it unconditionally? Sounds better than "50% of the time
this will catch bugs".
> Some bugs (such as buffer overflows) are better detected
> with kmalloc code, so we must test the kmalloc path too.
>
> Signed-off-by: Mikulas Patocka <mpatocka@...hat.com>
>
> ---
> mm/util.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> Index: linux-2.6/mm/util.c
> ===================================================================
> --- linux-2.6.orig/mm/util.c 2018-04-23 00:12:05.000000000 +0200
> +++ linux-2.6/mm/util.c 2018-04-23 17:57:02.000000000 +0200
> @@ -14,6 +14,7 @@
> #include <linux/hugetlb.h>
> #include <linux/vmalloc.h>
> #include <linux/userfaultfd_k.h>
> +#include <linux/random.h>
>
> #include <asm/sections.h>
> #include <linux/uaccess.h>
> @@ -404,6 +405,12 @@ void *kvmalloc_node(size_t size, gfp_t f
> */
> WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL);
>
> +#ifdef CONFIG_DEBUG_SG
> + /* Catch bugs when the caller uses DMA API on the result of kvmalloc. */
> + if (!(prandom_u32_max(2) & 1))
> + goto do_vmalloc;
> +#endif
> +
> /*
> * We want to attempt a large physically contiguous block first because
> * it is less likely to fragment multiple larger blocks and therefore
> @@ -427,6 +434,9 @@ void *kvmalloc_node(size_t size, gfp_t f
> if (ret || size <= PAGE_SIZE)
> return ret;
>
> +#ifdef CONFIG_DEBUG_SG
> +do_vmalloc:
> +#endif
You can just do
do_vmalloc: __maybe_unused
> return __vmalloc_node_flags_caller(size, node, flags,
> __builtin_return_address(0));
> }
>
>
Powered by blists - more mailing lists