lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200802111345.23372.ak@suse.de>
Date:	Mon, 11 Feb 2008 13:45:23 +0100
From:	Andi Kleen <ak@...e.de>
To:	Ingo Molnar <mingo@...e.hu>, ying.huang@...el.com
Cc:	tglx@...utronix.de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [4/8] CPA: Fix set_memory_x for ioremap


> Wrong. We do call __pa() on vmalloc ranges (which is a known 
> uncleanliness that we intend to fix),

AFAIK nobody does actually currently. Although I expect sooner
or later someone will try since __ioremap() lost its pgprot argument
that made it so powerful. Best would be probably to stick
in some bugs just to catch that.

> but contrary to your claim the  
> result is not "random result". On 64-bit it's guaranteed to have a value 
> above ~66 TB on 64-bit and hence fails all the filters later on so it 
> has zero practical relevance at the moment.

Note that 64bit EFI passes in a fixmap address (they just call
it efi_ioremap). Fixmaps are in the kernel mapping which __pa() handles
and then this gives a low number likely somewhere in memory
and might well trigger.

> On 32-bit we transform it  
> down to somewhere around 1GB - where we check it against the BIOS range 
> filters - which again cannot trigger. But I do agree that it's unclean 
> and needs fixing up.

Are you sure about this for all possible __PAGE_OFFSET values? e.g. consider
1:3 split. Also there is always relocated kernels where kernels might be loaded 
quite high.

> 
> static int change_page_attr_addr(struct cpa_data *cpa)
> ...
>         unsigned long phys_addr = __pa(address);
> 
> which for vmalloc area virtual addresses will indeed yield some really 
> high (and invalid) physical address. That address will never trigger 
> this check:
> 
>         if (within(address, HIGH_MAP_START, HIGH_MAP_END))
>                 address = (unsigned long) __va(phys_addr);

That doesn't check phys_addr at all?
 
> or this check:
> 
>         if (within(phys_addr, 0, KERNEL_TEXT_SIZE)) {
> 
> so we'll never actuall _use_ that phys_addr.



> and it's on our clean-up  
> list. But your patch is not a good cleanup because it just hides the 
> underlying weakness.

I never claimed it was a cleanup. It's a fix and a optimization 
(don't do unnecessary coherency between direct mapping and other 
mappings for clearing X -- this means some innocent pages in the
direct mapping won't get split) 

Anyways even if you don't want to fix this clear bug I would ask
to still consider the optimization independently.

-Andi


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ