lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120531002802.GA11775@ZenIV.linux.org.uk>
Date:	Thu, 31 May 2012 01:28:02 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Eric Paris <eparis@...isplace.org>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Mimi Zohar <zohar@...ibm.com>,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] vfs: fix IMA lockdep circular locking dependency

On Wed, May 30, 2012 at 03:51:27PM -0700, Linus Torvalds wrote:
> On Wed, May 30, 2012 at 2:36 PM, Al Viro <viro@...iv.linux.org.uk> wrote:
> >
> > The only difference is that for file-backed ones !MMU wants
> > VM_MAYEXEC in that file's bdi flags (BDI_CAP_EXEC_MAP). ?And
> > that actually sounds reasonable in !MMU case.
> 
> Ok, I don't think it should be strictly necessary, but I guess I don't
> mind either.
> 
> > Anyway, I've dumped the variant I've got into vfs.git@...urity_file_mmap;
> > it should be at commit f12a0fd062b1d259a0b6bc6442019e6d4c45e9f5.
> >
> > Comments?
> 
> Two small ones:
> 
>  - I really don't think you should use "goto out" in
> security_mmap_file(). That implies that you're exiting the function,
> but in fact you're jumping to the very *meat* of the function.
> 
>    So I think you should rename "out" as "no_added_exec" or something.

FWIW, I think it's cleaner to take the whole thing into an inlined helper.

> And a small question:  This code:
> 
> +       ret = security_mmap_file(file, prot, flags);
> +       if (!ret) {
> +               down_write(&current->mm->mmap_sem);
> +               retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
> +               up_write(&current->mm->mmap_sem);
> +       }
> 
> now seems to exist in four places. And in fact, that pretty much seems
> to *be* what vm_mmap() is, at this point. Why isn't there just one
> single vm_mmap() implementation, and then the callers of that?

Umm...  Not quite.  The difference is that vm_mmap() takes its argument as
offset in bytes, while sys_mmap_pgoff() - in pages.

It can be reorganized a bit, though.  vm_mmap() aside, there are only two
callers of do_mmap(), both passing it 0 as the last argument.  So let's
lift these checks on offset into vm_mmap() and kill do_mmap() completely -
all that remains of it would be a call of do_mmap_pgoff().  And there's no
reason to put those sanity checks (now in vm_mmap()) under ->mmap_sem,
of course.  At that point we *do* get 4 identical pieces of code.  Let's
call that vm_mmap_pgoff() and put it (and vm_mmap()) to mm/util.c.  Voila...

I've pushed that to the same place (vfs.git#security_file_mmap).  Should
propagate to git.kernel.org in a few...  Guys, does anybody have objections
about the way it looks?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ