| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170224000721.GA26920@node.shutemov.name>
Date: Fri, 24 Feb 2017 03:07:21 +0300
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
kirill.shutemov@...ux.intel.com, shuah@...nel.org,
linux-kselftest@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH 1/2] x86, pkeys: check against max pkey to avoid overflows
On Thu, Feb 23, 2017 at 02:26:03PM -0800, Dave Hansen wrote:
>
> From: Dave Hansen <dave.hansen@...ux.intel.com>
>
> Kirill got a warning from UBSAN about undefined behavior when using
> protection keys. He is running on hardware that actually has support
> for it, which is not widely available.
>
> The warning was because we did some very large shifts of integers when
> doing a pkey_free() of a large, invalid value because we never check
> that the pkey "fits" into the mm_pkey_allocation_map().
>
> I do not believe there is any danger here of anything bad happening
> other than some aliasing issues where somebody could do:
>
> pkey_free(35);
>
> and the kernel would effectively execute:
>
> pkey_free(8);
>
> While this might be confusing to an app that was doing something
> stupid, it has to do something stupid and the effects are limited to
> the app shooting itself in the foot.
>
> Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
--
Kirill A. Shutemov
Powered by blists - more mailing lists