lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56CE58BA.3080900@redhat.com>
Date:	Wed, 24 Feb 2016 17:28:26 -0800
From:	Laura Abbott <labbott@...hat.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	Laura Abbott <labbott@...oraproject.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Arnd Bergmann <arnd@...db.de>,
	"kernel-hardening@...ts.openwall.com" 
	<kernel-hardening@...ts.openwall.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCHv2] lkdtm: Add READ_AFTER_FREE test

On 02/24/2016 03:37 PM, Kees Cook wrote:
> On Wed, Feb 24, 2016 at 1:48 PM, Kees Cook <keescook@...omium.org> wrote:
>> On Wed, Feb 24, 2016 at 11:40 AM, Laura Abbott <labbott@...hat.com> wrote:
>>> Yep, looks like the v1 patches and not the v2 patches which fix
>>> a known issue with the zeroing.
>>
>> Ah-ha, I'll go find those and retest.
>
> I sent out a series that was rebased. It works for me, but I want to
> make sure I didn't make any glaring issues. I've also sent some fixes
> to the lkdtm tests. One thing that stands out to me still is that the
> READ_AFTER_FREE never shows poisoning. I remain confused, since
> obviously if zeroing is working, it's being correctly poisoned...
>
> -Kees
>

I'll review the rebased series you sent out for the page poisoning patches.
If it's okay with you, I'll pull in the updates to the LKDTM test. If you
test with slub_debug=P on the command line do you see the READ_AFTER_FREE
test working as expected? Setting that on the command line will set up
the poisoning which should make the READ_AFTER_FREE test fail.

Thanks,
Laura

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ