| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 Apr 2014 21:07:02 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: John Stultz <john.stultz@...aro.org>, Johannes Weiner <hannes@...xchg.org> CC: LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Android Kernel Team <kernel-team@...roid.com>, Robert Love <rlove@...gle.com>, Mel Gorman <mel@....ul.ie>, Hugh Dickins <hughd@...gle.com>, Dave Hansen <dave@...1.net>, Rik van Riel <riel@...hat.com>, Dmitry Adamushko <dmitry.adamushko@...il.com>, Neil Brown <neilb@...e.de>, Andrea Arcangeli <aarcange@...hat.com>, Mike Hommey <mh@...ndium.org>, Taras Glek <tglek@...illa.com>, Jan Kara <jack@...e.cz>, KOSAKI Motohiro <kosaki.motohiro@...il.com>, Michel Lespinasse <walken@...gle.com>, Minchan Kim <minchan@...nel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org> Subject: Re: [PATCH 0/5] Volatile Ranges (v12) & LSF-MM discussion fodder On 04/01/2014 09:03 PM, John Stultz wrote: > > So, maybe its best to ignore the fact that folks want to do semi-crazy > user-space faulting via SIGBUS. At least to start with. Lets look at the > semantic for the "normal" mark volatile, never touch the pages until you > mark non-volatile - basically where accessing volatile pages is similar > to a use-after-free bug. > > So, for the most part, I'd say the proposed SIGBUS semantics don't > complicate things for this basic use-case, at least when compared with > things like zero-fill. If an applications accidentally accessed a > purged volatile page, I think SIGBUS is the right thing to do. They most > likely immediately crash, but its better then them moving along with > silent corruption because they're mucking with zero-filled pages. > > So between zero-fill and SIGBUS, I think SIGBUS makes the most sense. If > you have a third option you're thinking of, I'd of course be interested > in hearing it. > People already do SIGBUS for mmap, so there is nothing new here. > Now... once you've chosen SIGBUS semantics, there will be folks who will > try to exploit the fact that we get SIGBUS on purged page access (at > least on the user-space side) and will try to access pages that are > volatile until they are purged and try to then handle the SIGBUS to fix > things up. Those folks exploiting that will have to be particularly > careful not to pass volatile data to the kernel, and if they do they'll > have to be smart enough to handle the EFAULT, etc. That's really all > their problem, because they're being clever. :) Yep. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists