lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1282315092.2605.1134.camel@laptop>
Date:	Fri, 20 Aug 2010 16:38:12 +0200
From:	Peter Zijlstra <peterz@...radead.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Ingo Molnar <mingo@...e.hu>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>,
	Russell King <rmk@....linux.org.uk>,
	David Howells <dhowells@...hat.com>,
	Ralf Baechle <ralf@...ux-mips.org>,
	David Miller <davem@...emloft.net>,
	Paul Mackerras <paulus@...ba.org>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	Hugh Dickins <hughd@...gle.com>, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, linux-arch@...r.kernel.org
Subject: Re: [RFC][PATCH 0/6] mm, highmem: kmap_atomic rework

On Thu, 2010-08-19 at 14:31 -0700, Andrew Morton wrote:
> On Thu, 19 Aug 2010 22:13:17 +0200
> Peter Zijlstra <a.p.zijlstra@...llo.nl> wrote:
> 
> > 
> > This patch-set reworks the kmap_atomic API to be a stack based, instead of
> > static slot based. Some might remember this from last year, some not ;-)
> > 
> > The advantage is that you no longer need to worry about KM_foo, the
> > disadvantage is that kmap_atomic/kunmap_atomic now needs to be strictly
> > nested (CONFIG_HIGHMEM_DEBUG should complain in case its not) -- and of
> > course its a big massive patch changing a widely used API.
> 
> Nice.  That fixes the "use of irq-only slots from interrupts-on
> context" bugs which people keep adding.

Ah, I should add a:

  WARN_ON_ONCE(in_irq() && !irqs_disabled());

like check to ensure people don't use kmap_atomic() in nestable IRQ
contexts (nestable IRQ context is bad anyway) the old debug code I
deleted did something similar.

> We don't have any checks in there for the stack overflowing?

+#ifdef CONFIG_DEBUG_HIGHMEM
+       BUG_ON(idx > KM_TYPE_NR);
+#endif

Seems to be that.

> Did you add every runtime check you could possibly think of? 
> kmap_atomic_idx_push() and pop() don't have much in there.  It'd be
> good to lard it up with runtime checks for at least a few weeks.

Right, so I currently have:

 - stack size check in push/pop
 - proper nesting check in pop (verifies that the vaddr you try to
   unmap is indeed the top most on the stack)

Aside from the proposed no irq-nesting thing to avoid unbounded
recursion I can't really come up with more creative abuse.

> Well, there's that monster conversion patch.  How's about you
> temporarily do
> 
> #define kmap_atomic(x, arg...)  __kmap_atomic(x)
> 
> so for a while, both kmap_atomic(a, KM_foo) and kmap_atomic(a) are
> turned into __kmap_atomic(a).  Once all the dust has settled, pull that
> out again?

Ah, that's a nifty trick, let me try that. 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ