| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120130210702.GG4282@moon>
Date: Tue, 31 Jan 2012 01:07:02 +0400
From: Cyrill Gorcunov <gorcunov@...nvz.org>
To: Jonathan Corbet <corbet@....net>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Pavel Emelyanov <xemul@...allels.com>,
Serge Hallyn <serge.hallyn@...onical.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>,
Andrew Vagin <avagin@...nvz.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Andi Kleen <andi@...stfloor.org>,
KOSAKI Motohiro <kosaki.motohiro@...il.com>,
Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Glauber Costa <glommer@...allels.com>,
Matt Helsley <matthltc@...ibm.com>,
Pekka Enberg <penberg@...nel.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Vasiliy Kulikov <segoon@...nwall.com>, Valdis.Kletnieks@...edu
Subject: Re: [patch cr 2/4] [RFC] syscalls, x86: Add __NR_kcmp syscall v7
On Mon, Jan 30, 2012 at 12:58:12PM -0700, Jonathan Corbet wrote:
> Just a couple of silly little things that came to mind while I was looking
> at the code...
>
> > +/*
> > + * We don't expose real in-memory order of objects for security
> > + * reasons, still the comparision results should be suitable for
> > + * sorting. Thus, we obfuscate kernel pointers values (using random
> > + * cookies obtaned at early boot stage) and compare the production
> > + * instead.
> > + */
> > +static unsigned long cookies[KCMP_TYPES][2] __read_mostly;
> > +
> > +static long kptr_obfuscate(long v, int type)
> > +{
> > + return (v ^ cookies[type][0]) * cookies[type][1];
> > +}
>
> I don't understand the purpose of this at all. Obfuscation will cause a
> random shuffling in the ordering of the pointers - it's intended to - so
> how is the result "suitable for sorting"? More to the point, is there
> ever a time when a user of this will care about some contrived ordering
> value? It seems like equality is all that really matters.
>
It won't be completely random shuffling but rather re-ordering in some
new order, which means the results might be passed to qsort or anything.
And yes, in c/r we need at least this "re-ordered" order which will help
to figure out shared file descriptors in case of huge number of files opened.
> > +
> > +/*
> > + * 0 - equal
> > + * 1 - less than
> > + * 2 - greater than
> > + * 3 - not equal but ordering unavailable (reserved for future)
> > + */
> > +static int kcmp_ptr(void *v1, void *v2, enum kcmp_type type)
> > +{
> > + long ret;
> > +
> > + ret = kptr_obfuscate((long)v1, type) - kptr_obfuscate((long)v2, type);
> > +
> > + return (ret < 0) | ((ret > 0) << 1);
> > +}
>
> That's a cute trick, but do we know that every compiler that will ever see
> this code will use 1 for a true integer comparison? Simply spelling it
> out with an if statement might be more robust, just as efficient, and, at
> the same time, easier for others to understand.
Well, I believe if this become true, and (ret < 0) wont emit 1 -- the
number of places in kernel will be broken as well (for example see
math_div() function). But of course I don't insist and can rewrite
this code in straight fashion if needed.
Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists