Date:   Sun, 11 Sep 2016 05:16:06 +0200
From:   Jiri Olsa <jolsa@...hat.com>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Adrian Hunter <adrian.hunter@...el.com>,
        Jiri Olsa <jolsa@...nel.org>, Wang Nan <wangnan0@...wei.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Kees Cook <keescook@...omium.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: perf test "object code reading" segfaulting via usercopy check

On Fri, Sep 09, 2016 at 12:47:20PM -0300, Arnaldo Carvalho de Melo wrote:
> On Fri, Sep 09, 2016 at 05:41:25PM +0200, Jiri Olsa wrote:
> > On Fri, Sep 09, 2016 at 12:36:26PM -0300, Arnaldo Carvalho de Melo wrote:
> > > Hi Adrian,
> > > 
> > > 	I noticed that 'perf test "object code reading"' is segfaulting
> > > here:
> > > 
> > > [root@...et linux]# perf test -F "object code reading"
> > > 21: Test object code reading :Segmentation fault
> > > [root@...et linux]# 
> > > 
> > > dmesg output below, trying to figure this out...
> > 
> > heya,
> > it's the new hardened user copy check.. I sent patches for that:
> > 
> >   http://marc.info/?l=linux-kernel&m=147332143929289&w=2
> >   http://marc.info/?l=linux-kernel&m=147332145229291&w=2
> 
> Cool, but that is for the kernel, without thinking too much about it, is
> there a way to change that 'perf test' entry to avoid doing what
> triggers the segfault?
> 
> My first thought was that it was reading 4K all the way to the end,
> where it should instead read just what is remaining, but I haven't
> checked this theory at all.

it's actually reading within the bounds of kernel text that triggers
that, it's the new CONFIG_HARDENED_USERCOPY feature:
  f5509cc18daa mm: Hardened usercopy

check the change log, there's a list of conditions and
one of them is:
  - object must not overlap with kernel text

jirka
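
An added illustration, not part of the original message and not the kernel's own code: a userspace C model of the one condition quoted above, showing that a copy whose source lies fully inside kernel text is rejected whatever its length. The text range, the sample addresses and the name check_copy_source are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed kernel text range [TEXT_LOW, TEXT_HIGH); not taken from the thread. */
#define TEXT_LOW  0xffffffff81000000ULL
#define TEXT_HIGH 0xffffffff81a00000ULL

enum verdict { COPY_OK, REJECT_WRAP, REJECT_TEXT };

/*
 * Hypothetical model of one hardened-usercopy condition: the n-byte kernel
 * object at src, used as the source of a copy to user space, must not
 * overlap kernel text. A range that wraps the address space is rejected first.
 */
enum verdict check_copy_source(uint64_t src, uint64_t n)
{
    uint64_t last;

    if (n == 0)
        return COPY_OK;
    last = src + (n - 1);               /* address of the final byte */
    if (last < src)
        return REJECT_WRAP;
    /* Overlap unless the object lies entirely below or entirely above text. */
    if (src < TEXT_HIGH && last >= TEXT_LOW)
        return REJECT_TEXT;
    return COPY_OK;
}

int main(void)
{
    static const char *name[] = { "ok", "reject: wraps", "reject: kernel text" };
    /* Constructed cases: {source address, length} */
    const uint64_t cases[][2] = {
        { TEXT_LOW + 0x1000, 4096 },    /* 4K chunk well inside text */
        { TEXT_HIGH - 16, 16 },         /* short read ending exactly at text end */
        { TEXT_LOW - 8, 16 },           /* straddles the start of text */
        { TEXT_LOW - 16, 16 },          /* ends one byte before text */
        { TEXT_HIGH, 4096 },            /* starts right after text */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("src=%#llx n=%llu -> %s\n", (unsigned long long)cases[i][0],
               (unsigned long long)cases[i][1],
               name[check_copy_source(cases[i][0], cases[i][1])]);
    return 0;
}
```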
