Message-ID: <4537B9FB.7050303@yahoo.com.au>
Date:	Fri, 20 Oct 2006 03:46:35 +1000
From:	Nick Piggin <nickpiggin@...oo.com.au>
To:	Ralf Baechle <ralf@...ux-mips.org>
CC:	Linus Torvalds <torvalds@...l.org>, Andrew Morton <akpm@...l.org>,
	linux-kernel@...r.kernel.org, Atsushi Nemoto <anemo@....ocn.ne.jp>
Subject: Re: [PATCH 1/3] Fix COW D-cache aliasing on fork

Ralf Baechle wrote:
> From: Atsushi Nemoto <anemo@....ocn.ne.jp>
> 
> Problem:
> 
> 1. There is a process containing two threads (T1 and T2).  The
>    thread T1 calls fork().  Then the dup_mmap() function is called in T1's context.
> 
> static inline int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
> 	...
> 	flush_cache_mm(current->mm);
> 	...	/* A */
> 	(write-protect all Copy-On-Write pages)
> 	...	/* B */
> 	flush_tlb_mm(current->mm);
> 	...
> 
> 2. When preemption happens between A and B (or on SMP kernel), the
>    thread T2 can run and modify data on COW pages without page fault
>    (modified data will stay in cache).
> 
> 3. Some time after fork() completed, the thread T2 may cause a page
>    fault by write-protect on a COW page.
> 
> 4. Then data of the COW page will be copied to newly allocated
>    physical page (copy_cow_page()).  It reads data via kernel mapping.
>    The kernel mapping can have different 'color' with user space
>    mapping of the thread T2 (dcache aliasing).  Therefore
>    copy_cow_page() will copy stale data.  Then the modified data in
>    cache will be lost.

What about if you just flush the caches after write protecting all
COW pages? Would that work? Simpler? Better performance? (I don't know)

-- 
SUSE Labs, Novell Inc.
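
A toy model of steps 1-4 of the quoted problem description, added here as an illustration; it is not code from the patch, the kernel, or either author. The single-line two-color cache, the function names and the byte values are assumptions of the model, and the `writeback_user_alias_first` variant only shows the model's behaviour when the dirty user-color line is written back before the copy, not what the patch does.

```c
#include <stdio.h>

/* Toy model: one physical page (one byte of it) and a virtually indexed,
 * write-back D-cache in which the user and kernel mappings of that page
 * land on different colors, so each can hold its own copy of the line. */
enum { USER = 0, KERNEL = 1 };
enum { OLD = 0x11, NEW = 0x22 };   /* constructed sample values */

struct line { int valid, dirty; unsigned char data; };
static unsigned char mem;          /* backing physical memory */
static struct line cache[2];       /* one line per color */

static void fill(int c) {
    if (!cache[c].valid) { cache[c].data = mem; cache[c].valid = 1; cache[c].dirty = 0; }
}
static void cache_write(int c, unsigned char v) { fill(c); cache[c].data = v; cache[c].dirty = 1; }
static unsigned char cache_read(int c) { fill(c); return cache[c].data; }
static void flush_color(int c) {   /* write back if dirty, then invalidate */
    if (cache[c].valid && cache[c].dirty) mem = cache[c].data;
    cache[c].valid = cache[c].dirty = 0;
}

/* Replays steps 1-4. Returns the byte that ends up in the new COW page. */
int cow_copy_after_fork(int writeback_user_alias_first) {
    mem = OLD;
    cache[USER] = cache[KERNEL] = (struct line){0};

    flush_color(USER);             /* dup_mmap(): flush_cache_mm()        */
                                   /* point A                              */
    cache_write(USER, NEW);        /* T2 runs, stores without a fault      */
                                   /* point B: flush_tlb_mm(), page is RO  */

    /* Later: T2 takes the write-protect fault and the page is copied
     * through the kernel mapping, which has a different color. */
    if (writeback_user_alias_first)
        flush_color(USER);         /* model-only variant, see lead-in      */
    return cache_read(KERNEL);     /* what the copy reads                  */
}

int main(void) {
    printf("no writeback:   0x%02x\n", cow_copy_after_fork(0));
    printf("with writeback: 0x%02x\n", cow_copy_after_fork(1));
    return 0;
}
```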