lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <816A9750-D2A3-4BC8-88A6-41BFAA6A1540@oracle.com>
Date:   Wed, 14 Nov 2018 15:50:05 -0700
From:   William Kucharski <william.kucharski@...cle.com>
To:     "Isaac J. Manjarres" <isaacm@...eaurora.org>
Cc:     David Laight <David.Laight@...lab.com>,
        Kees Cook <keescook@...omium.org>, crecklin@...hat.com,
        linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        psodagud@...eaurora.org, tsoni@...eaurora.org,
        stable@...r.kernel.org
Subject: Re: [PATCH] mm/usercopy: Use memory range to be accessed for
 wraparound check



> On Nov 14, 2018, at 10:32 AM, isaacm@...eaurora.org wrote:
> 
> Thank you and David for your feedback. The check_bogus_address() routine is only invoked from one place in the kernel, which is __check_object_size(). Before invoking check_bogus_address, __check_object_size ensures that n is non-zero, so it is not possible to call this routine with n being 0. Therefore, we shouldn't run into the scenario you described. Also, in the case where we are copying a page's contents into a kernel space buffer and will not have that buffer interacting with userspace at all, this change to that check should still be valid, correct?

Having fixed more than one bug resulting from a "only called in one place" routine later being called elsewhere,
I am wary, but ultimately it's likely not worth the performance hit of a check or BUG_ON().

It's a generic math check for overflow, so it should work with any address.

Reviewed-by: William Kucharski <william.kucharski@...cle.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ