| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 May 2016 00:38:44 +0800 From: Chen Gang <chengang@...ndsoft.com.cn> To: Alexander Potapenko <glider@...gle.com> CC: Dmitry Vyukov <dvyukov@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Andrey Ryabinin <aryabinin@...tuozzo.com>, kasan-dev <kasan-dev@...glegroups.com>, LKML <linux-kernel@...r.kernel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, Chen Gang <gang.chen.5i5j@...il.com> Subject: Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled() On 5/3/16 00:23, Chen Gang wrote: > On 5/2/16 23:35, Alexander Potapenko wrote: >> On Mon, May 2, 2016 at 5:13 PM, Chen Gang <chengang@...ndsoft.com.cn> wrote: >>> >>> OK. But it does not look quite easy to use kasan_disable_current() for >>> INIT_KASAN which is used in INIT_TASK. >>> >>> If we have to set "kasan_depth == 1", we have to use kasan_depth-- in >>> kasan_enable_current(). >> Agreed, decrementing the counter in kasan_enable_current() is more natural. >> I can fix this together with the comments. > > OK, thanks. And need I also send patch v2 for include/linux/kasan.h? (or > you will fix them together). > >>> >>> If we don't prevent the overflow, it will have negative effect with the >>> caller. When we issue an warning, it means the caller's hope fail, but >>> can not destroy the caller's original work. In our case: >>> >>> - Assume "kasan_depth-- for kasan_enable_current()", the first enable >>> will let kasan_depth be 0. >> Sorry, I'm not sure I follow. >> If we start with kasan_depth=0 (which is the default case for every >> task except for the init, which also gets kasan_depth=0 short after >> the kernel starts), >> then the first call to kasan_disable_current() will make kasan_depth >> nonzero and will disable KASAN. >> The subsequent call to kasan_enable_current() will enable KASAN back. >> >> There indeed is a problem when someone calls kasan_enable_current() >> without previously calling kasan_disable_current(). >> In this case we need to check that kasan_depth was zero and print a >> warning if it was. >> It actually does not matter whether we modify kasan_depth after that >> warning or not, because we are already in inconsistent state. >> But I think we should modify kasan_depth anyway to ease the debugging. >> Oh, sorry, I forgot one of our original discussing content: - If we use signed int kasan_depth, and kasan_depth <= 0 means enable, I guess, we can always modify kasan_depth. - When overflow/underflow (singed int overflow), we can use BUG_ON(), since it should be rarely happen. Thanks. > > For me, BUG_ON() will be better for debugging, but it is really not well > for using. For WARN_ON(), it already print warnings, so I am not quite > sure "always modifying kasan_depth will be ease the debugging". > > When we are in inconsistent state, for me, what we can do is: > > - Still try to do correct things within our control: "when the caller > make a mistake, if kasan_enable_current() notices about it, it need > issue warning, and prevent itself to make mistake (causing disable). > > - "try to let negative effect smaller to user", e.g. let users "loose > hope" (call enable has no effect) instead of destroying users' > original work (call enable, but get disable). > > Thanks. > -- Chen Gang (陈刚) Managing Natural Environments is the Duty of Human Beings.
Powered by blists - more mailing lists