| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrVGhXiZqGMNkdeebjLTR6MdnvVqzcDikzGHp9JehuzHKQ@mail.gmail.com>
Date: Wed, 6 Jul 2016 06:20:46 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Borislav Petkov <bp@...en8.de>
Cc: Andy Lutomirski <luto@...nel.org>, X86 ML <x86@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
linux-arch <linux-arch@...r.kernel.org>,
Nadav Amit <nadav.amit@...il.com>,
Kees Cook <keescook@...omium.org>,
Brian Gerst <brgerst@...il.com>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Jann Horn <jann@...jh.net>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH v4 08/29] dma-api: Teach the "DMA-from-stack" check about
vmapped stacks
On Thu, Jun 30, 2016 at 12:37 PM, Borislav Petkov <bp@...en8.de> wrote:
> On Sun, Jun 26, 2016 at 02:55:30PM -0700, Andy Lutomirski wrote:
>> If we're using CONFIG_VMAP_STACK and we manage to point an sg entry
>> at the stack, then either the sg page will be in highmem or sg_virt
>> will return the direct-map alias. In neither case will the existing
>> check_for_stack() implementation realize that it's a stack page.
>>
>> Fix it by explicitly checking for stack pages.
>>
>> This has no effect by itself. It's broken out for ease of review.
>>
>> Cc: Andrew Morton <akpm@...ux-foundation.org>
>> Cc: Arnd Bergmann <arnd@...db.de>
>> Signed-off-by: Andy Lutomirski <luto@...nel.org>
>> ---
>> lib/dma-debug.c | 39 +++++++++++++++++++++++++++++++++------
>> 1 file changed, 33 insertions(+), 6 deletions(-)
>>
>> diff --git a/lib/dma-debug.c b/lib/dma-debug.c
>> index 51a76af25c66..5b2e63cba90e 100644
>> --- a/lib/dma-debug.c
>> +++ b/lib/dma-debug.c
>> @@ -22,6 +22,7 @@
>> #include <linux/stacktrace.h>
>> #include <linux/dma-debug.h>
>> #include <linux/spinlock.h>
>> +#include <linux/vmalloc.h>
>> #include <linux/debugfs.h>
>> #include <linux/uaccess.h>
>> #include <linux/export.h>
>> @@ -1162,11 +1163,35 @@ static void check_unmap(struct dma_debug_entry *ref)
>> put_hash_bucket(bucket, &flags);
>> }
>>
>> -static void check_for_stack(struct device *dev, void *addr)
>> +static void check_for_stack(struct device *dev,
>> + struct page *page, size_t offset)
>> {
>> - if (object_is_on_stack(addr))
>> - err_printk(dev, NULL, "DMA-API: device driver maps memory from "
>> - "stack [addr=%p]\n", addr);
>> + void *addr;
>> + struct vm_struct *stack_vm_area = task_stack_vm_area(current);
>
> lib/dma-debug.c: In function ‘check_for_stack’:
> lib/dma-debug.c:1170:36: error: implicit declaration of function ‘task_stack_vm_area’ [-Werror=implicit-function-declaration]
> struct vm_struct *stack_vm_area = task_stack_vm_area(current);
> ^
> lib/dma-debug.c:1170:36: warning: initialization makes pointer from integer without a cast [-Wint-conversion]
> cc1: some warnings being treated as errors
> make[1]: *** [lib/dma-debug.o] Error 1
> make: *** [lib] Error 2
> make: *** Waiting for unfinished jobs....
>
> Probably reorder pieces from patch 9 to earlier ones...
I'll address this by reordering it later in the series. The temporary
loss of functionality will be unobservable.
--Andy
Powered by blists - more mailing lists