| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jLuccswsUnr_ABC7FyNgGttJ8s54bLndRsoNR44tBvQTw@mail.gmail.com>
Date: Fri, 19 May 2017 12:16:27 -0700
From: Kees Cook <keescook@...omium.org>
To: Andy Lutomirski <luto@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>,
"Luis R. Rodriguez" <mcgrof@...nel.org>,
Steven Rostedt <srostedt@...hat.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
Ingo Molnar <mingo@...nel.org>,
Michal Hocko <mhocko@...nel.org>,
Vlastimil Babka <vbabka@...e.cz>,
Andrew Morton <akpm@...ux-foundation.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Mateusz Guzik <mguzik@...hat.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: next-20170515: WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:236
note_page+0x630/0x7e0
On Fri, May 19, 2017 at 11:27 AM, Andy Lutomirski <luto@...nel.org> wrote:
> One thing I've pondered: can we make some debugging mode (kmemleak,
> perhaps?) check that freed memory is RW at the time it's freed? I
> once wrote some buggy code that freed an R page and caused an OOPS
> much later, and this bug here seems likely to be some code that frees
> RWX memory.
Which begs for even more checks: nothing should ever make a page RWX.
Either R, RW, or RX only... (or X too I guess, in the future).
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists