lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 7 May 2015 11:48:19 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	David Hildenbrand <dahi@...ux.vnet.ibm.com>,
	linux-kernel@...r.kernel.org, mingo@...hat.com,
	peterz@...radead.org, yang.shi@...driver.com,
	bigeasy@...utronix.de, benh@...nel.crashing.org, paulus@...ba.org,
	heiko.carstens@...ibm.com, schwidefsky@...ibm.com,
	borntraeger@...ibm.com, mst@...hat.com, tglx@...utronix.de,
	David.Laight@...LAB.COM, hughd@...gle.com, hocko@...e.cz,
	ralf@...ux-mips.org, herbert@...dor.apana.org.au,
	linux@....linux.org.uk, airlied@...ux.ie, daniel.vetter@...el.com,
	linux-mm@...ck.org, linux-arch@...r.kernel.org
Subject: Re: [PATCH RFC 00/15] decouple pagefault_disable() from
 preempt_disable()


* Andrew Morton <akpm@...ux-foundation.org> wrote:

> On Wed,  6 May 2015 19:50:24 +0200 David Hildenbrand <dahi@...ux.vnet.ibm.com> wrote:
> 
> > As Peter asked me to also do the decoupling in one shot, this is
> > the new series.
> > 
> > I recently discovered that might_fault() doesn't call might_sleep()
> > anymore. Therefore bugs like:
> > 
> >   spin_lock(&lock);
> >   rc = copy_to_user(...);
> >   spin_unlock(&lock);
> > 
> > would not be detected with CONFIG_DEBUG_ATOMIC_SLEEP. The code was
> > changed to disable false positives for code like:
> > 
> >   pagefault_disable();
> >   rc = copy_to_user(...);
> >   pagefault_enable();
> > 
> > Whereby the caller wants do deal with failures.
> 
> hm, that was a significant screwup.  I wonder how many bugs we
> subsequently added.

So I'm wondering what the motivation was to allow things like:

   pagefault_disable();
   rc = copy_to_user(...);
   pagefault_enable();

and to declare it a false positive?

AFAICS most uses are indeed atomic:

        pagefault_disable();
        ret = futex_atomic_cmpxchg_inatomic(curval, uaddr, uval, newval);
        pagefault_enable();

so why not make it explicitly atomic again?

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ