| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180628152841.rgc62aqqckcuecaf@ltop.local>
Date: Thu, 28 Jun 2018 17:28:43 +0200
From: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
To: Catalin Marinas <catalin.marinas@....com>
Cc: Mark Rutland <Mark.Rutland@....com>,
Kate Stewart <kstewart@...uxfoundation.org>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
Will Deacon <Will.Deacon@....com>,
Linux Memory Management List <linux-mm@...ck.org>,
"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
Chintan Pandya <cpandya@...eaurora.org>,
Shuah Khan <shuah@...nel.org>, Ingo Molnar <mingo@...nel.org>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>,
Jacob Bramley <Jacob.Bramley@....com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Evgeniy Stepanov <eugenis@...gle.com>,
Kees Cook <keescook@...omium.org>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>,
Andrey Konovalov <andreyknvl@...gle.com>,
Ramana Radhakrishnan <ramana.radhakrishnan@....com>,
Al Viro <viro@...iv.linux.org.uk>, nd <nd@....com>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
Kostya Serebryany <kcc@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Lee Smith <Lee.Smith@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Robin Murphy <Robin.Murphy@....com>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
On Thu, Jun 28, 2018 at 03:48:59PM +0100, Catalin Marinas wrote:
> On Thu, Jun 28, 2018 at 12:46:11PM +0200, Luc Van Oostenryck wrote:
> > On Thu, Jun 28, 2018 at 11:27:42AM +0100, Catalin Marinas wrote:
> > > On Thu, Jun 28, 2018 at 08:17:59AM +0200, Luc Van Oostenryck wrote:
> > > > On Wed, Jun 27, 2018 at 06:17:58PM +0100, Catalin Marinas wrote:
> > > > > sparse is indeed an option. The current implementation doesn't warn on
> > > > > an explicit cast from (void __user *) to (unsigned long) since that's a
> > > > > valid thing in the kernel. I couldn't figure out if there's any other
> > > > > __attribute__ that could be used to warn of such conversion.
> > > >
> > > > sparse doesn't have such attribute but would an new option that would warn
> > > > on such cast be a solution for your case?
> > >
> > > I can't tell for sure whether such sparse option would be the full
> > > solution but detecting explicit __user pointer casts to long is a good
> > > starting point. So far this patchset pretty much relies on detecting
> > > a syscall failure and trying to figure out why, patching the kernel. It
> > > doesn't really scale.
> >
> > OK, I'll add such an option this evening.
>
> That's great, thanks. I think this should cover casting pointers to any
> integer types, not just "unsigned long" (e.g. long long).
Yes, of course.
> The only downside is that with this patchset the untagging can be done
> after the conversion to ulong (get_user_pages()) as that's where the
> problem was noticed. With a new sparse feature, we'd have to annotate
> the conversion sites (not sure how many until we run the tool though).
I've done a lot of hacking on sparse and as such I run a lot of tests.
What I see with these tests is that a lot of annotations are wrong or
missing so I'm very reluctant to add another attribute. Even more so
one that would be only slightly different than an existing one. OTOH,
if it's something localized or a one-shot and there is a need, ...
why not?
What would you ideally need?
-- Luc
Powered by blists - more mailing lists