lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20100125115814.156d401d.akpm@linux-foundation.org>
Date:	Mon, 25 Jan 2010 11:58:14 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	anfei <anfei.zhou@...il.com>
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	linux@....linux.org.uk, Jamie Lokier <jamie@...reable.org>,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] Flush dcache before writing into page to avoid alias

On Mon, 25 Jan 2010 21:33:08 +0800 anfei <anfei.zhou@...il.com> wrote:

> Hi Andrew,
> 
> On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
> > The cache alias problem will happen if the changes of user shared mapping
> > is not flushed before copying, then user and kernel mapping may be mapped
> > into two different cache line, it is impossible to guarantee the coherence
> > after iov_iter_copy_from_user_atomic.  So the right steps should be:
> > 	flush_dcache_page(page);
> > 	kmap_atomic(page);
> > 	write to page;
> > 	kunmap_atomic(page);
> > 	flush_dcache_page(page);
> > More precisely, we might create two new APIs flush_dcache_user_page and
> > flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
> > 
> > Here is a snippet tested on omap2430 with VIPT cache, and I think it is
> > not ARM-specific:
> > 	int val = 0x11111111;
> > 	fd = open("abc", O_RDWR);
> > 	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
> > 	*(addr+0) = 0x44444444;
> > 	tmp = *(addr+0);
> > 	*(addr+1) = 0x77777777;
> > 	write(fd, &val, sizeof(int));
> > 	close(fd);
> > The results are not always 0x11111111 0x77777777 at the beginning as expected.
> > 
> Is this a real bug or not necessary to support?

Bug.  If variable `addr' has type int* then the contents of that file
should be 0x11111111 0x77777777.  You didn't tell us what the contents
were in the incorrect case, but I guess it doesn't matter.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ