Date: Sun, 2 Sep 2018 19:47:33 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Benjamin Herrenschmidt <benh@...nel.crashing.org>
Cc: Jiri Kosina <jikos@...nel.org>, Jürgen Groß <jgross@...e.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Michal Hocko <mhocko@...e.com>, Naoya Horiguchi <n-horiguchi@...jp.nec.com>, Michael Ellerman <mpe@...erman.id.au>, Will Deacon <will.deacon@....com>
Subject: Re: Access to non-RAM pages

On Sun, Sep 2, 2018 at 7:25 PM Benjamin Herrenschmidt <benh@...nel.crashing.org> wrote:
> Ah, my bad reading, I was looking at read_word_at_a_time() instead of
> load_unaligned_zeropad(). I'm not familiar enough with the dentry qstr
> stuff, I assume this is safe?

The dentry qstr should always be 8-byte aligned because it's a kernel name allocation. So it's the path component in the actual pathname string that can be unaligned (ct/tcount in dentry_string_cmp).

The comment actually does talk about it, although the comment also claims that the cs read would use load_unaligned_zeropad(), which it no longer does (now it only does the read_word_at_a_time).

And read_word_at_a_time() is purely a KASAN thing. The thing can't fault, but it *can* read uninitialized data past the end of the string, making KASAN unhappy.

So that's actually a different issue, where KASAN does byte-level validity testing, and doing word-at-a-time accesses obviously violates that for strings.

Linus
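The two properties discussed in this message, as an added userspace model in C (not kernel code and not part of the original post): an 8-byte-aligned word load never spans two pages, yet it pulls in stale bytes past the end of the name, which the final mask discards. The names `crosses_page`, `load_word`, `bytemask`, `name_cmp_model` and `demo` are hypothetical, the 4096-byte page size is an assumption, and `load_word` with a short `valid` count only stands in for a zero-padding load, since userspace has no fault fix-up.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_SZ 4096u            /* assumed page size */
#define WORD    sizeof(uint64_t)

/* 1 if len bytes at addr span two pages (the tail may land on an unmapped page). */
static int crosses_page(uintptr_t addr, size_t len)
{
    return addr / PAGE_SZ != (addr + len - 1) / PAGE_SZ;
}

/* Load a word; valid < WORD models a zero-padding load of the readable bytes only. */
static uint64_t load_word(const unsigned char *p, size_t valid)
{
    uint64_t w = 0;
    memcpy(&w, p, valid < WORD ? valid : WORD);
    return w;
}

/* Mask for the first cnt bytes of a word as laid out in memory (any endianness). */
static uint64_t bytemask(size_t cnt)
{
    unsigned char m[WORD] = {0};
    memset(m, 0xFF, cnt);
    return load_word(m, WORD);
}

/* 0 if the first tcount bytes match. cs: aligned, word-padded storage; ct: any alignment. */
static int name_cmp_model(const unsigned char *cs, const unsigned char *ct, size_t tcount)
{
    for (; tcount >= WORD; cs += WORD, ct += WORD, tcount -= WORD)
        if (load_word(cs, WORD) != load_word(ct, WORD))
            return 1;
    if (!tcount)
        return 0;
    /* the cs word drags in stale bytes past the name; the mask discards them */
    return ((load_word(cs, WORD) ^ load_word(ct, tcount)) & bytemask(tcount)) != 0;
}

/* Constructed sample: stored name "filename.c" followed by 0xAA slack bytes. */
static int demo(const char *component)
{
    _Alignas(8) unsigned char stored[16];
    size_t n = strlen(component);
    memset(stored, 0xAA, sizeof stored);   /* stands in for uninitialized tail bytes */
    memcpy(stored, "filename.c", 10);
    return n != 10 || name_cmp_model(stored, (const unsigned char *)component, n);
}
```

A byte-granular checker would flag the last `load_word(cs, WORD)` in `name_cmp_model` because six of the eight bytes it touches lie past the 10-byte name, even though the result is unaffected.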