lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1266360301-30081-7-git-send-email-serue@us.ibm.com>
Date:	Tue, 16 Feb 2010 16:45:00 -0600
From:	Serge Hallyn <serue@...ibm.com>
To:	serue@...ibm.com
Cc:	Greg KH <greg@...ah.com>, rsc@...ch.com,
	Ashwin Ganti <ashwin.ganti@...il.com>, ericvh@...il.com,
	devel@...uxdriverproject.org, linux-kernel@...r.kernel.org,
	Ron Minnich <rminnich@...il.com>
Subject: [PATCH 7/8] p9auth: add cap_node timeout

From: Serge E. Hallyn <serue@...ibm.com>

Mark each caphash entry with the current time.  When a new caphash is
added, any entries which were added more than two minutes ago are
discarded.

We may want to make two minutes configurable, or may want to also
discard entries if more than N entries are on the list (to prevent
a forced OOM by a misbehaving privileged process).  The purpose
of this patch is only to prevent gradually consuming more and more
memory due to "legitimate" unused entries.

Signed-off-by: Serge E. Hallyn <serue@...ibm.com>
Cc: Greg KH <greg@...ah.com>
cc: rsc@...ch.com
Cc: Ashwin Ganti <ashwin.ganti@...il.com>
Cc: ericvh@...il.com
Cc: devel@...uxdriverproject.org
Cc: linux-kernel@...r.kernel.org
Cc: Ron Minnich <rminnich@...il.com>
---
 drivers/staging/p9auth/p9auth.c |   20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/drivers/staging/p9auth/p9auth.c b/drivers/staging/p9auth/p9auth.c
index e94c4fe..6012bd9 100644
--- a/drivers/staging/p9auth/p9auth.c
+++ b/drivers/staging/p9auth/p9auth.c
@@ -40,6 +40,7 @@
 
 struct cap_node {
 	char data[CAP_NODE_SIZE];
+	unsigned long time_created;
 	struct list_head list;
 };
 
@@ -275,6 +276,23 @@ static int grant_id(struct id_set *set)
 	return ret;
 }
 
+/* Expose this through sysctl eventually?  2 min timeout for hashes */
+
+static int cap_timeout = 120;
+static void remove_old_entries(struct cap_dev *dev)
+{
+	struct cap_node *node, *tmp;
+
+	if (dev->head == NULL)
+		return;
+	list_for_each_entry_safe(node, tmp, &dev->head->list, list) {
+		if (node->time_created + HZ * cap_timeout < jiffies) {
+			list_del(&node->list);
+			kfree(node);
+		}
+	}
+}
+
 static int add_caphash_entry(struct cap_dev *dev, char *user_buf, size_t count)
 {
 	struct cap_node *node_ptr;
@@ -290,7 +308,9 @@ static int add_caphash_entry(struct cap_dev *dev, char *user_buf, size_t count)
 	printk(KERN_INFO "Capability being written to /dev/caphash : \n");
 	hexdump(user_buf, count);
 	memcpy(node_ptr->data, user_buf, count);
+	node_ptr->time_created = jiffies;
 	list_add(&(node_ptr->list), &(dev->head->list));
+	remove_old_entries(dev);
 
 	return 0;
 }
-- 
1.6.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ