lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAG_fn=UW0bszthjs9_8vKZOX9nCaD9gvz-7A=x8=CBf=GTDxMA@mail.gmail.com>
Date:	Thu, 11 Aug 2016 15:42:20 +0200
From:	Alexander Potapenko <glider@...gle.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Dmitriy Vyukov <dvyukov@...gle.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Andrey Ryabinin <aryabinin@...tuozzo.com>,
	Andrey Konovalov <adech.fo@...il.com>,
	Christoph Lameter <cl@...ux.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Joonsoo Kim <js1304@...il.com>,
	Joonsoo Kim <iamjoonsoo.kim@....com>,
	Kuthonuzo Luruo <kuthonuzo.luruo@....com>,
	kasan-dev <kasan-dev@...glegroups.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Linux Memory Management List <linux-mm@...ck.org>
Subject: Re: [PATCH v2] kasan: avoid overflowing quarantine size on low memory systems

On Thu, Aug 11, 2016 at 12:50 AM, Andrew Morton
<akpm@...ux-foundation.org> wrote:
> On Tue,  2 Aug 2016 12:27:00 +0200 Alexander Potapenko <glider@...gle.com> wrote:
>
>> If the total amount of memory assigned to quarantine is less than the
>> amount of memory assigned to per-cpu quarantines, |new_quarantine_size|
>> may overflow. Instead, set it to zero.
>>
>> ...
>>
>> --- a/mm/kasan/quarantine.c
>> +++ b/mm/kasan/quarantine.c
>> @@ -196,7 +196,7 @@ void quarantine_put(struct kasan_free_meta *info, struct kmem_cache *cache)
>>
>>  void quarantine_reduce(void)
>>  {
>> -     size_t new_quarantine_size;
>> +     size_t new_quarantine_size, percpu_quarantines;
>>       unsigned long flags;
>>       struct qlist_head to_free = QLIST_INIT;
>>       size_t size_to_free = 0;
>> @@ -214,7 +214,9 @@ void quarantine_reduce(void)
>>        */
>>       new_quarantine_size = (READ_ONCE(totalram_pages) << PAGE_SHIFT) /
>>               QUARANTINE_FRACTION;
>> -     new_quarantine_size -= QUARANTINE_PERCPU_SIZE * num_online_cpus();
>> +     percpu_quarantines = QUARANTINE_PERCPU_SIZE * num_online_cpus();
>> +     new_quarantine_size = (new_quarantine_size < percpu_quarantines) ?
>> +             0 : new_quarantine_size - percpu_quarantines;
>>       WRITE_ONCE(quarantine_size, new_quarantine_size);
>>
>>       last = global_quarantine.head;
>
> Confused.  Which kernel version is this supposed to apply to?
This is the second version of the patch which should've been applied
to the mainline instead of v1.
But since v1 has already hit upstream, this patch makes sense no more.
If WARN_ONCE (which is currently present in this code) is a big deal,
I can send a new patch that removes it.


-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ