lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+55aFwoifDB9YPC53KrFm1DZNVEzYL4+dfP96GE3rz8YCVaMg@mail.gmail.com>
Date:	Fri, 2 Mar 2012 17:11:41 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Andi Kleen <andi@...stfloor.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: Word-at-a-time dcache name accesses (was Re: .. anybody know of
 any filesystems that depend on the exact VFS 'namehash' implementation?)

On Fri, Mar 2, 2012 at 5:02 PM, H. Peter Anvin <hpa@...or.com> wrote:
>
> Note that does mean we need a guard page after each and every
> discontiguous RAM range, not just the last one.  Raising that issue
> since we have had serious bugs in that area in the past.

Are you sure? I didn't think we even *mapped* things at that granularity.

We only really need a guard page at the end of an actual end-of-ram
where we no longer have page tables and/or could hit device space.

Which in practice never actually is an issue on PC's - we already
guard against BIOS usage just under the 0xA0000 address, and in
practice there are always ACPI tables at the end of RAM (and on x86-32
we can't use highmem for filenames anyway, so that takes away *those*
cases).

Which is why I think that for testing purposes we don't even need to
care - it's basically a "can't happen" (not to mention that nobody
actually uses PATH_MAX pathames).

For robustness and actual deployment, I do think that yes, we do want
to make it an explicit rule.

                    Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ