| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <35fa2cb6-9957-fd77-836c-760cecc64b2e@suse.cz>
Date: Mon, 27 Nov 2017 16:55:54 +0100
From: Vlastimil Babka <vbabka@...e.cz>
To: Helge Deller <deller@....de>, Matthew Wilcox <willy@...radead.org>,
Dan Williams <dan.j.williams@...el.com>
Cc: Jan Kara <jack@...e.cz>,
Ross Zwisler <ross.zwisler@...ux.intel.com>,
Christoph Hellwig <hch@...radead.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
"linux-nvdimm@...ts.01.org" <linux-nvdimm@...ts.01.org>,
Linux MM <linux-mm@...ck.org>,
Linux API <linux-api@...r.kernel.org>,
linux-ext4 <linux-ext4@...r.kernel.org>,
linux-xfs <linux-xfs@...r.kernel.org>,
"Darrick J . Wong" <darrick.wong@...cle.com>,
Arnd Bergmann <arnd@...db.de>,
Andy Lutomirski <luto@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Michal Hocko <mhocko@...nel.org>,
Kees Cook <keescook@...omium.org>,
Florian Weimer <fweimer@...hat.com>,
John Hubbard <jhubbard@...dia.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
linux-parisc@...r.kernel.org
Subject: Re: [PATCH 01/18] mm: introduce MAP_SHARED_VALIDATE, a mechanism to
safely define new mmap flags
On 11/25/2017 07:45 PM, Helge Deller wrote:
> On 22.11.2017 20:53, Matthew Wilcox wrote:
>> On Wed, Nov 22, 2017 at 08:52:37AM -0800, Dan Williams wrote:
>>> On Wed, Nov 22, 2017 at 4:02 AM, Vlastimil Babka <vbabka@...e.cz> wrote:
>>>> On 11/01/2017 04:36 PM, Jan Kara wrote:
>>>>> From: Dan Williams <dan.j.williams@...el.com>
>>>>>
>>>>> The mmap(2) syscall suffers from the ABI anti-pattern of not validating
>>>>> unknown flags. However, proposals like MAP_SYNC need a mechanism to
>>>>> define new behavior that is known to fail on older kernels without the
>>>>> support. Define a new MAP_SHARED_VALIDATE flag pattern that is
>>>>> guaranteed to fail on all legacy mmap implementations.
>>>>
>>>> So I'm trying to make sense of this together with Michal's attempt for
>>>> MAP_FIXED_SAFE [1] where he has to introduce a completely new flag
>>>> instead of flag modifier exactly for the reason of not validating
>>>> unknown flags. And my conclusion is that because MAP_SHARED_VALIDATE
>>>> implies MAP_SHARED and excludes MAP_PRIVATE, MAP_FIXED_SAFE as a
>>>> modifier cannot build on top of this. Wouldn't thus it be really better
>>>> long-term to introduce mmap3 at this point? ...
>>>
>>> We have room to define MAP_PRIVATE_VALIDATE in MAP_TYPE on every arch
>>> except parisc. Can we steal an extra bit for MAP_TYPE from somewhere
>>> else on parisc?
>>
>> It looks like 0x08 should work.
>
> I posted an RFC to the parisc mailing list for that:
> https://patchwork.kernel.org/patch/9970553/
Thanks. BTW there doesn't seem to be much interest making MAP_FIXED_SAFE
a flag modifier after all, so MAP_PRIVATE_VALIDATE wouldn't get
immediate users.
> Basically this is (for parisc only):
> -#define MAP_TYPE 0x03 /* Mask for type of mapping */
> +#define MAP_TYPE (MAP_SHARED|MAP_PRIVATE|MAP_RESRVD1|MAP_RESRVD2) /* Mask for type of mapping */
> #define MAP_FIXED 0x04 /* Interpret addr exactly */
> +#define MAP_RESRVD1 0x08 /* reserved for 3rd bit of MAP_TYPE */
> #define MAP_ANONYMOUS 0x10 /* don't use a file */
> +#define MAP_RESRVD2 0x20 /* reserved for 4th bit of MAP_TYPE */
>
>> But I don't have an HPUX machine around
>> to check that HP didn't use that bit for something else.
>
> We completely dropped support for HPUX binaries, so it's not relvant any longer.
>
>> It'd probably help to cc the linux-parisc mailing list when asking
>> questions about PARISC, eh?
>
> Yes, please.
>
> Helge
>
Powered by blists - more mailing lists