| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFx0b8ATmeO8KRaHrgsZnhT_0TqotsPUkxN4gbCsvrZuyA@mail.gmail.com>
Date: Sun, 2 Sep 2018 19:47:33 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Benjamin Herrenschmidt <benh@...nel.crashing.org>
Cc: Jiri Kosina <jikos@...nel.org>,
Jürgen Groß <jgross@...e.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Michal Hocko <mhocko@...e.com>,
Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
Michael Ellerman <mpe@...erman.id.au>,
Will Deacon <will.deacon@....com>
Subject: Re: Access to non-RAM pages
On Sun, Sep 2, 2018 at 7:25 PM Benjamin Herrenschmidt
<benh@...nel.crashing.org> wrote:
> Ah, my bad reading, I was looking at read_word_at_a_time() instead of
> load_unaligned_zeropad(). I'm not familiar enough with the dentry qstr
> stuff, I assume this is safe ?
The dentry qstr should always be 8-byte aligned because it's a kernel
name allocation.
So it's the path component in the actual pathname string that can be
unaligned (ct/tcount in dentry_string_cmp).
The comment actually does talk about it, although the comment also
claims that the cs read would use load_unaligned_zeropad(), which it
no longer does (now it only does the read_word_at_a_time).
And read_word_at_a_time() is purely a KASAN thing. The thing can't
fault, but it *can* read uninitialized data past the end of the
string, making KASAN unhappy.
So that's actually a different issue, where KASAN does byte-level
validity testing, and doing word-at-a-time accesses obviously violates
that for strings.
Linus
Powered by blists - more mailing lists