| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Oct 2008 00:37:02 +1100 (EST)
From: James Morris <jmorris@...ei.org>
To: Alan Cox <alan@...rguk.ukuu.org.uk>
cc: hooanon05@...oo.co.jp, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: __vm_enough_memory(), OVERCOMMIT_NEVER, current->mm, kernel
thread
On Wed, 22 Oct 2008, Alan Cox wrote:
[Adding lsm list to the cc]
> On Wed, 22 Oct 2008 20:26:19 +0900
> hooanon05@...oo.co.jp wrote:
>
> >
> > Alan Cox:
> > > No - the shmem routine would use vm_enough_memory_fs which wouldn't care
> > > if current->mm is NULL, but the others would check.
> >
> > Unfortunately I cannot imagine what new vm_enough_memory_fs() will be.
> > Would you show me its draft or pseudo code?
>
> This is the patch I propose:
>
> nfsd: Fix vm overcommit crash
>
> From: Alan Cox <alan@...hat.com>
>
> Junjiro R. Okajima reported a problem where knfsd crashes if you are using
> it to export shmemfs objects and run strict overcommit. In this situation
> the current->mm based modifier to the overcommit goes through a NULL
> pointer.
>
> We could simply check for NULL and skip the modifier but we've caught other
> real bugs in the past from mm being NULL here - cases where we did need a
> valid mm set up (eg the exec bug about a year ago).
>
> To preserve the checks and get the logic we want shuffle the checking
> around and add a new helper to the vm_ security wrappers
>
> Also fix a current->mm reference in nommu that should use the passed mm
Looks ok to me.
Acked-by: James Morris <jmorris@...ei.org>
> ---
>
> include/linux/security.h | 1 +
> mm/mmap.c | 3 ++-
> mm/nommu.c | 3 ++-
> mm/shmem.c | 4 ++--
> security/security.c | 9 +++++++++
> 5 files changed, 16 insertions(+), 4 deletions(-)
>
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index f5c4a51..a2b8430 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -1585,6 +1585,7 @@ int security_syslog(int type);
> int security_settime(struct timespec *ts, struct timezone *tz);
> int security_vm_enough_memory(long pages);
> int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
> +int security_vm_enough_memory_kern(long pages);
> int security_bprm_alloc(struct linux_binprm *bprm);
> void security_bprm_free(struct linux_binprm *bprm);
> void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
> diff --git a/mm/mmap.c b/mm/mmap.c
> index 74f4d15..de14ac2 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -175,7 +175,8 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
>
> /* Don't let a single process grow too big:
> leave 3% of the size of this process for other processes */
> - allowed -= mm->total_vm / 32;
> + if (mm)
> + allowed -= mm->total_vm / 32;
>
> /*
> * cast `allowed' as a signed long because vm_committed_space
> diff --git a/mm/nommu.c b/mm/nommu.c
> index 2696b24..7695dc8 100644
> --- a/mm/nommu.c
> +++ b/mm/nommu.c
> @@ -1454,7 +1454,8 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
>
> /* Don't let a single process grow too big:
> leave 3% of the size of this process for other processes */
> - allowed -= current->mm->total_vm / 32;
> + if (mm)
> + allowed -= mm->total_vm / 32;
>
> /*
> * cast `allowed' as a signed long because vm_committed_space
> diff --git a/mm/shmem.c b/mm/shmem.c
> index d38d7e6..1677b3e 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -162,7 +162,7 @@ static inline struct shmem_sb_info *SHMEM_SB(struct super_block *sb)
> static inline int shmem_acct_size(unsigned long flags, loff_t size)
> {
> return (flags & VM_ACCOUNT)?
> - security_vm_enough_memory(VM_ACCT(size)): 0;
> + security_vm_enough_memory_kern(VM_ACCT(size)): 0;
> }
>
> static inline void shmem_unacct_size(unsigned long flags, loff_t size)
> @@ -180,7 +180,7 @@ static inline void shmem_unacct_size(unsigned long flags, loff_t size)
> static inline int shmem_acct_block(unsigned long flags)
> {
> return (flags & VM_ACCOUNT)?
> - 0: security_vm_enough_memory(VM_ACCT(PAGE_CACHE_SIZE));
> + 0: security_vm_enough_memory_kern(VM_ACCT(PAGE_CACHE_SIZE));
> }
>
> static inline void shmem_unacct_blocks(unsigned long flags, long pages)
> diff --git a/security/security.c b/security/security.c
> index 255b085..c0acfa7 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -198,14 +198,23 @@ int security_settime(struct timespec *ts, struct timezone *tz)
>
> int security_vm_enough_memory(long pages)
> {
> + WARN_ON(current->mm == NULL);
> return security_ops->vm_enough_memory(current->mm, pages);
> }
>
> int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
> {
> + WARN_ON(mm == NULL);
> return security_ops->vm_enough_memory(mm, pages);
> }
>
> +int security_vm_enough_memory_kern(long pages)
> +{
> + /* If current->mm is a kernel thread then we will pass NULL,
> + for this specific case that is fine */
> + return security_ops->vm_enough_memory(current->mm, pages);
> +}
> +
> int security_bprm_alloc(struct linux_binprm *bprm)
> {
> return security_ops->bprm_alloc_security(bprm);
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists