lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Sep 2017 17:22:28 +0100 From: David Howells <dhowells@...hat.com> To: Eric Biggers <ebiggers3@...il.com> Cc: dhowells@...hat.com, keyrings@...r.kernel.org, Michael Halcrow <mhalcrow@...gle.com>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, Eric Biggers <ebiggers@...gle.com>, stable@...r.kernel.org Subject: Re: [PATCH] KEYS: fix race between updating and finding negative key Eric Biggers <ebiggers3@...il.com> wrote: > Fix the bug by moving ->reject_error out of the union with ->payload, > then using nonzero ->reject_error to mean that the key is negative. > > This eliminates the need for KEY_FLAG_NEGATIVE, which we remove as well > so that we don't have to handle memory ordering between > KEY_FLAG_NEGATIVE and ->reject_error. We *do* still need to handle > memory ordering between KEY_FLAG_INSTANTIATED and ->reject_error, but > that was needed before (and for KEY_FLAG_NEGATIVE as well --- though it > wasn't done correctly, which was another bug). Hmmm... My only objection is that it extends struct key still further, but you do have a point. If we're going to do this, can we eliminate KEY_FLAG_INSTANTIATED also and make ->reject_error into ->status? 0 -> uninstantiated 1 -> instantiated <0 -> negatively instantiated/rejected Also, can we make it a short int please? Also, can setting this field be done with a release barrier rather than a write barrier? David
Powered by blists - more mailing lists