lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 8 Jan 2017 01:44:25 -0800
From:   Christoph Hellwig <hch@...radead.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Christoph Hellwig <hch@...radead.org>,
        Dave Jones <davej@...emonkey.org.uk>,
        Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: sg_io HARDENED_USERCOPY_PAGESPAN trace

On Tue, Jan 03, 2017 at 01:48:03PM -0800, Kees Cook wrote:
> There are a lot of cases of "missing" __GFP_COMP, which is why
> HARDENED_USERCOPY_PAGESPAN defaults to "n".
> 
> > If this is on a devie using blk-mq the block core will use high
> > order allocations (as high as possible) to allocate the requests
> > for each queue, so struct request could very well span multiple
> > pages.  But I don't see what __GFP_COMP would have to do with
> > user copy annoations.  As all requests for a queue are freed
> > togeth again there is no point in setting __GFP_COMP for the
> > request allocations.
> 
> Does it hurt anything to mark these pages as allocated "together" via
> __GFP_COMP?

It don't think it would hurt the block code - it only allocates the
pages once, and frees them once.  But I think hijacking your feature
on top of a totally unrelated flag is a horrible idea.  __GFP_COMP
is about refcounting the allocation, not about anything else.  The prime
use case of high order allocations is to use them as a single memory
object, which might include user copies.

So as-is I think HARDENED_USERCOPY_PAGESPAN is a misfeature, it needs to
be opt-in for allocations where we might not copy over the span of
pages, not opt-out.  And I suspect there aren't going to be all that
many opt-out candidates.

> 
> -Kees
> 
> -- 
> Kees Cook
> Nexus Security
---end quoted text---

Powered by blists - more mailing lists