lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150421142748.GB32624@dhcp22.suse.cz>
Date:	Tue, 21 Apr 2015 16:27:48 +0200
From:	Michal Hocko <mhocko@...e.cz>
To:	David Herrmann <dh.herrmann@...il.com>
Cc:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Andy Lutomirski <luto@...capital.net>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Richard Weinberger <richard@....at>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Jiri Kosina <jkosina@...e.cz>,
	Al Viro <viro@...iv.linux.org.uk>,
	Borislav Petkov <bp@...en8.de>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Arnd Bergmann <arnd@...db.de>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Tom Gundersen <teg@...m.no>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Daniel Mack <daniel@...que.org>,
	Djalal Harouni <tixxdz@...ndz.org>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1

On Tue 21-04-15 16:01:01, David Herrmann wrote:
> Hi
> 
> On Tue, Apr 21, 2015 at 2:20 PM, Michal Hocko <mhocko@...e.cz> wrote:
> > On Tue 21-04-15 12:17:49, David Herrmann wrote:
> >> Hi
> >>
> >> On Tue, Apr 21, 2015 at 11:35 AM, One Thousand Gnomes
> >> <gnomes@...rguk.ukuu.org.uk> wrote:
> >> >> On top of that, I think that someone into resource management needs to
> >> >> seriously consider whether having a broadcast send do get_user_pages
> >> >> or the equivalent on pages supplied by untrusted recipients (plural!)
> >> >> is a good idea.
> >> >
> >> > Oh but its so much fun if you pass pages belonging to a device driver, or
> >> > pass bits of a GEM object thereby keeping entire graphics textures
> >> > referenced 8)
> >>
> >> We do not use GUP, nor do we pass around pinned pages. All we use is
> >> __vfs_read() / __vfs_write() on shmem. Whether generic_file_write() /
> >> copy_from_user() internally relies on GUP or not, is an orthogonal
> >> issue that does not belong here.
> >
> > It kind of does AFAIU.
> 
> No, it is not. The issue with GUP is that you elevate the page
> ref-count and thus prevent lru isolation, sealing, whatsoever.

The point was that such a memory might be not present yet and need a
page fault with all the side effects - memory reclaim, memcg charge...

> I cannot see how it is related to kdbus. However, ...
> 
> > If for nothing else then the memcg reasons mentioned in
> > other email (http://marc.info/?l=linux-kernel&m=142953380508188). If an
> > untrusted user is allowed to hand over a shmem backed buffer which hasn't
> > been charged yet (read faulted in) and then kdbus forced to fault it in
> > a different user's context then you basically allow to hide memory
> > allocations from the memcg. That is a clear show stopper.
> >
> > Or have I misunderstood the way how shmem buffers are used here?
> 
> ..as you mentioned memcg, lets figure that out here. shmem buffers are
> used as receive-buffers by kdbus peers. They are read-only to
> user-space. All allocations are done by the kernel on message passing.

OK, so the shmem buffer is allocated on the kernels behalf and under
its control and no userspace can hand over one to kdbus. Do I get
it right? If yes then the memcg escape I was describing above is
not possible of course. This wasn't clear to me from the previous
discussion. Thanks for the clarification!
-- 
Michal Hocko
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ