lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20101201.095723.193718753.davem@davemloft.net>
Date:	Wed, 01 Dec 2010 09:57:23 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	michal.simek@...alogix.com
Cc:	roland@...hat.com, oleg@...hat.com, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	john.williams@...alogix.com, edgar.iglesias@...il.com
Subject: Re: Flushing whole page instead of work for ptrace

From: Michal Simek <michal.simek@...alogix.com>
Date: Wed, 01 Dec 2010 18:10:12 +0100

> Roland McGrath wrote:
>> This is a VM question more than a ptrace question.  I can't give you
>> any authoritative answers about the VM issues.
>> Documentation/cachetlb.txt says:
>> 	Any time the kernel writes to a page cache page, _OR_
>> 	the kernel is about to read from a page cache page and
>> 	user space shared/writable mappings of this page potentially
>> 	exist, this routine is called.
>> In your case, the kernel is only reading (write=0 passed to
>> access_process_vm and get_user_pages).  In normal situations,
>> the page in question will have only a private and read-only
>> mapping in user space.  So the call should not be required in
>> these cases--if the code can tell that's so.
>> Perhaps something like the following would be safe.
>> But you really need some VM folks to tell you for sure.
>> diff --git a/mm/memory.c b/mm/memory.c
>> index 02e48aa..2864ee7 100644
>> --- a/mm/memory.c
>> +++ b/mm/memory.c
>> @@ -1484,7 +1484,8 @@ int __get_user_pages(struct task_struct *tsk,
>> struct mm_struct *mm,
>>  				pages[i] = page;
>>   				flush_anon_page(vma, page, start);
>> -				flush_dcache_page(page);
>> + if ((vm_flags & VM_WRITE) || (vma->vm_flags & VM_SHARED)
>> +					flush_dcache_page(page);
>>  			}
>>  			if (vmas)
>>  				vmas[i] = vma;
>> Thanks,
>> Roland
> 
> Andrew any comment?

I don't have any comments on this specific patch but I will note
that special care is needed _after_ the access to kick out aliases
so that other future accesses to this page, which are oblivious to
what ptrace did, don't see illegal D-cache aliases.

Have a look at arch/sparc/kernel/ptrace_64.c:flush_ptrace_access().

Also, another issue is that much of the time ptrace() is just fetching
very small chunks (perhaps, a stack frame, or some variable in the
program image), so doing an entire page flush when we only copy
a few bytes out of the page is overkill.

Sparc64's flush_ptrace_access() tries to address this as well.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ