lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150705154441.GA4682@node.dhcp.inet.fi>
Date:	Sun, 5 Jul 2015 18:44:41 +0300
From:	"Kirill A. Shutemov" <kirill@...temov.name>
To:	Boaz Harrosh <boaz@...xistor.com>
Cc:	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Rik van Riel <riel@...hat.com>, Mel Gorman <mgorman@...e.de>,
	Hugh Dickins <hughd@...gle.com>,
	Andrea Arcangeli <aarcange@...hat.com>,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] mm: avoid setting up anonymous pages into file mapping

On Sun, Jul 05, 2015 at 06:15:20PM +0300, Boaz Harrosh wrote:
> On 07/03/2015 05:07 PM, Kirill A. Shutemov wrote:
> > Reading page fault handler code I've noticed that under right
> > circumstances kernel would map anonymous pages into file mappings:
> > if the VMA doesn't have vm_ops->fault() and the VMA wasn't fully
> > populated on ->mmap(), kernel would handle page fault to not populated
> > pte with do_anonymous_page().
> > 
> > There's chance that it was done intentionally, but I don't see good
> > justification for this. We just hide bugs in broken drivers.
> > 
> 
> Have you done a preliminary audit for these broken drivers? If they actually
> exist in-tree then this patch is a regression for them.

No, I didn't check drivers.

On other hand, if such driver exists it has security issue. If you're
able to setup zero page into file mapping, you can make it writable with
security implications.

> We need to look for vm_ops without an .fault = . Perhaps define a
> map_annonimous() for those to revert to the old behavior, if any
> actually exist.

No. Drivers should be fixed properly.

> > Let's change page fault handler to use do_anonymous_page() only on
> > anonymous VMA (->vm_ops == NULL).
> > 
> > For file mappings without vm_ops->fault() page fault on pte_none() entry
> > would lead to SIGBUS.
> > 
> 
> Again that could mean a theoretical regression for some in-tree driver,
> do you know of any such driver?

I did very little testing with the patch: boot kvm with Fedora and run
trinity there for a while. More testing is required.

-- 
 Kirill A. Shutemov
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ