| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Oct 2010 12:00:13 +0200 From: Avi Kivity <avi@...hat.com> To: Gleb Natapov <gleb@...antech.com> CC: Marcelo Tosatti <mtosatti@...hat.com>, Gleb Natapov <gleb@...hat.com>, kvm@...r.kernel.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, mingo@...e.hu, a.p.zijlstra@...llo.nl, tglx@...utronix.de, hpa@...or.com, riel@...hat.com, cl@...ux-foundation.org Subject: Re: [PATCH v6 04/12] Add memory slot versioning and use it to provide fast guest write interface On 10/06/2010 10:08 PM, Gleb Natapov wrote: > > Malicious userspace can cause entry to be cached, ioctl > > SET_USER_MEMORY_REGION 2^32 times, generation number will match, > > mark_page_dirty_in_slot will be called with pointer to freed memory. > > > Hmm. To zap all cached entires on overflow we need to track them. If we > will track then we can zap them on each slot update and drop "generation" > entirely. To track them you need locking. Isn't SET_USER_MEMORY_REGION so slow that calling it 2^32 times isn't really feasible? In any case, can use u64 generation count. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists