| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190226231747.z3lc6yr6xmrw5q2z@ltop.local>
Date: Wed, 27 Feb 2019 00:17:49 +0100
From: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
To: Andrey Konovalov <andreyknvl@...gle.com>
Cc: Dave Hansen <dave.hansen@...el.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Mark Rutland <mark.rutland@....com>,
Robin Murphy <robin.murphy@....com>,
Kees Cook <keescook@...omium.org>,
Kate Stewart <kstewart@...uxfoundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...nel.org>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Shuah Khan <shuah@...nel.org>,
Vincenzo Frascino <vincenzo.frascino@....com>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
Linux Memory Management List <linux-mm@...ck.org>,
linux-arch <linux-arch@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Kostya Serebryany <kcc@...gle.com>,
Evgeniy Stepanov <eugenis@...gle.com>,
Lee Smith <Lee.Smith@....com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
Jacob Bramley <Jacob.Bramley@....com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>,
Chintan Pandya <cpandya@...eaurora.org>,
Dave Martin <Dave.Martin@....com>,
Kevin Brodsky <kevin.brodsky@....com>,
Szabolcs Nagy <Szabolcs.Nagy@....com>
Subject: Re: [PATCH v10 00/12] arm64: untag user pointers passed to the kernel
On Tue, Feb 26, 2019 at 06:18:25PM +0100, Andrey Konovalov wrote:
> On Fri, Feb 22, 2019 at 11:55 PM Dave Hansen <dave.hansen@...el.com> wrote:
> >
> > On 2/22/19 4:53 AM, Andrey Konovalov wrote:
> > > The following testing approaches has been taken to find potential issues
> > > with user pointer untagging:
> > >
> > > 1. Static testing (with sparse [3] and separately with a custom static
> > > analyzer based on Clang) to track casts of __user pointers to integer
> > > types to find places where untagging needs to be done.
> >
> > First of all, it's really cool that you took this approach. Sounds like
> > there was a lot of systematic work to fix up the sites in the existing
> > codebase.
> >
> > But, isn't this a _bit_ fragile going forward? Folks can't just "make
> > sparse" to find issues with missing untags.
>
> Yes, this static approach can only be used as a hint to find some
> places where untagging is needed, but certainly not all.
>
> > This seems like something
> > where we would ideally add an __tagged annotation (or something) to the
> > source tree and then have sparse rules that can look for missed untags.
>
> This has been suggested before, search for __untagged here [1].
> However there are many places in the kernel where a __user pointer is
> casted into unsigned long and passed further. I'm not sure if it's
> possible apply a __tagged/__untagged kind of attribute to non-pointer
> types, is it?
>
> [1] https://patchwork.kernel.org/patch/10581535/
It's something that should need to be added to sparse since it's
different from what sparse already have (the existing __bitwise and
concept of address-space doesn't seem to do the job here).
-- Luc Van Oostenryck
Powered by blists - more mailing lists