| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAG_fn=X2zahG9enAdSPxwqC-VV6nwK2PhuAXPyhOvASnXok9JQ@mail.gmail.com>
Date: Tue, 2 Aug 2016 12:07:08 +0200
From: Alexander Potapenko <glider@...gle.com>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>,
Kostya Serebryany <kcc@...gle.com>,
Andrey Konovalov <adech.fo@...il.com>,
Christoph Lameter <cl@...ux.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Steven Rostedt <rostedt@...dmis.org>,
Joonsoo Kim <js1304@...il.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Kuthonuzo Luruo <kuthonuzo.luruo@....com>,
kasan-dev <kasan-dev@...glegroups.com>,
LKML <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>
Subject: Re: [PATCH] kasan: avoid overflowing quarantine size on low memory systems
On Tue, Aug 2, 2016 at 12:05 PM, Dmitry Vyukov <dvyukov@...gle.com> wrote:
> On Tue, Aug 2, 2016 at 12:00 PM, Andrey Ryabinin
> <aryabinin@...tuozzo.com> wrote:
>>
>>
>> On 08/01/2016 05:59 PM, Alexander Potapenko wrote:
>>> If the total amount of memory assigned to quarantine is less than the
>>> amount of memory assigned to per-cpu quarantines, |new_quarantine_size|
>>> may overflow. Instead, set it to zero.
>>>
>>
>> Just curious, how did find this?
>> Overflow is possible if system has more than 32 cpus per GB of memory. AFIAK this quite unusual.
>
> I was reading code for unrelated reason.
>
>>> Reported-by: Dmitry Vyukov <dvyukov@...gle.com>
>>> Fixes: 55834c59098d ("mm: kasan: initial memory quarantine
>>> implementation")
>>> Signed-off-by: Alexander Potapenko <glider@...gle.com>
>>> ---
>>> mm/kasan/quarantine.c | 12 ++++++++++--
>>> 1 file changed, 10 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
>>> index 65793f1..416d3b0 100644
>>> --- a/mm/kasan/quarantine.c
>>> +++ b/mm/kasan/quarantine.c
>>> @@ -196,7 +196,7 @@ void quarantine_put(struct kasan_free_meta *info, struct kmem_cache *cache)
>>>
>>> void quarantine_reduce(void)
>>> {
>>> - size_t new_quarantine_size;
>>> + size_t new_quarantine_size, percpu_quarantines;
>>> unsigned long flags;
>>> struct qlist_head to_free = QLIST_INIT;
>>> size_t size_to_free = 0;
>>> @@ -214,7 +214,15 @@ void quarantine_reduce(void)
>>> */
>>> new_quarantine_size = (READ_ONCE(totalram_pages) << PAGE_SHIFT) /
>>> QUARANTINE_FRACTION;
>>> - new_quarantine_size -= QUARANTINE_PERCPU_SIZE * num_online_cpus();
>>> + percpu_quarantines = QUARANTINE_PERCPU_SIZE * num_online_cpus();
>>> + if (new_quarantine_size < percpu_quarantines) {
>>> + WARN_ONCE(1,
>>> + "Too little memory, disabling global KASAN quarantine.\n",
>>> + );
>>
>> Why WARN? I'd suggest pr_warn_once();
>
>
> I would suggest to just do something useful. Setting quarantine
> new_quarantine_size to 0 looks fine.
> What would user do with this warning? Number of CPUs and amount of
> memory are generally fixed. Why is it an issue for end user at all? We
> still have some quarantine per-cpu. A WARNING means a [non-critical]
> kernel bug. E.g. syzkaller will catch each and every boot of such
> system as a bug.
How about printk_once then?
Silently setting the quarantine size to zero may puzzle the user.
>
>>> + new_quarantine_size = 0;
>>> + } else {
>>> + new_quarantine_size -= percpu_quarantines;
>>> + }
>>> WRITE_ONCE(quarantine_size, new_quarantine_size);
>>>
>>> last = global_quarantine.head;
>>>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Powered by blists - more mailing lists