Date:   Fri, 1 Mar 2019 10:37:04 -0800
From:   Dave Hansen <>
To:     Catalin Marinas <>,
        Andrey Konovalov <>
Cc:     Will Deacon <>,
        Mark Rutland <>,
        Robin Murphy <>,
        Kees Cook <>,
        Kate Stewart <>,
        Greg Kroah-Hartman <>,
        Andrew Morton <>,
        Ingo Molnar <>,
        "Kirill A . Shutemov" <>,
        Shuah Khan <>,
        Vincenzo Frascino <>,
        Linux ARM <>,
        "open list:DOCUMENTATION" <>,
        Linux Memory Management List <>,
        linux-arch <>,
        "open list:KERNEL SELFTEST FRAMEWORK" <>,
        LKML <>,
        Dmitry Vyukov <>,
        Kostya Serebryany <>,
        Evgeniy Stepanov <>,
        Lee Smith <>,
        Ramana Radhakrishnan <>,
        Jacob Bramley <>,
        Ruben Ayrapetyan <>,
        Chintan Pandya <>,
        Luc Van Oostenryck <>,
        Dave Martin <>,
        Kevin Brodsky <>,
        Szabolcs Nagy <>
Subject: Re: [PATCH v10 07/12] fs, arm64: untag user pointers in

On 3/1/19 8:59 AM, Catalin Marinas wrote:
>>> So, we have to patch all these sites before the tagged values get to the
>>> point of hitting the vma lookup functions.  Dumb question: Why don't we
>>> just patch the vma lookup functions themselves instead of all of these
>>> callers?
>> That might be a working approach as well. We'll still need to fix up
>> places where the vma fields are accessed directly. Catalin, what do
>> you think?
> Most callers of find_vma*() always follow it by a check of
> vma->vma_start against some tagged address ('end' in the
> userfaultfd_(un)register() case). So it's not sufficient to untag it in
> find_vma().

If that's truly the common case, sounds like we should have a find_vma()
that does the vma_end checking as well.  Then at least the common case
would not have to worry about tagging.
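
Added illustration (not code from this thread or from the kernel tree): a toy C model of the two points above. It assumes the arm64 top-byte-ignore convention, where bits 63:56 of a user pointer carry a tag, and a constructed two-mapping address space; the names tag_addr(), range_has_vma_caller_check() and find_vma_in_range() are invented for the illustration. find_vma() untags its own argument, as the "patch the lookup instead of the callers" idea would; the caller-side vm_start-against-end check then still goes wrong on a tagged 'end', while a range-taking lookup that untags both bounds does not.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model, not kernel code: a VMA is a half-open range
 * [vm_start, vm_end) of untagged user virtual addresses.
 */
struct vma {
    uint64_t vm_start;
    uint64_t vm_end;
};

/* Assumption for this model: top byte ignore, i.e. bits 63:56 of a user
 * pointer carry a tag that the hardware ignores on access. */
#define TAG_SHIFT 56
#define TAG_MASK  (~((uint64_t)0xff << TAG_SHIFT))

static inline uint64_t untagged_addr(uint64_t addr)
{
    return addr & TAG_MASK;
}

/* Hypothetical helper: attach an 8-bit tag to an address. */
static inline uint64_t tag_addr(uint64_t addr, unsigned int tag)
{
    return untagged_addr(addr) | ((uint64_t)(tag & 0xff) << TAG_SHIFT);
}

/* Constructed address-space layout: two mappings with a gap between them. */
static struct vma vmas[] = {
    { 0x10000, 0x20000 },
    { 0x30000, 0x40000 },
};
#define NVMAS (sizeof(vmas) / sizeof(vmas[0]))

/*
 * Like the kernel's find_vma(): returns the first vma whose vm_end lies
 * above addr, which need not actually contain addr. This version untags
 * its argument itself, i.e. the "patch find_vma() instead of every
 * caller" approach from the thread.
 */
static struct vma *find_vma(uint64_t addr)
{
    addr = untagged_addr(addr);
    for (size_t i = 0; i < NVMAS; i++)
        if (vmas[i].vm_end > addr)
            return &vmas[i];
    return NULL;
}

/*
 * Caller pattern from the thread: look up the vma for 'start', then check
 * vma->vm_start against the caller's own 'end'. If 'end' still carries a
 * tag it compares as a huge value, vm_start >= end is never true, and a
 * range lying entirely in a gap is reported as having a vma.
 */
static bool range_has_vma_caller_check(uint64_t start, uint64_t end)
{
    struct vma *vma = find_vma(start);

    if (!vma)
        return false;
    return vma->vm_start < end; /* 'end' is not untagged here */
}

/*
 * The suggestion above: a lookup that takes the whole range and does the
 * end check itself, so both bounds are untagged in one place and the
 * common-case caller never sees a tag.
 */
static struct vma *find_vma_in_range(uint64_t start, uint64_t end)
{
    struct vma *vma;

    start = untagged_addr(start);
    end = untagged_addr(end);
    if (start >= end)
        return NULL;
    vma = find_vma(start);
    if (!vma || vma->vm_start >= end)
        return NULL;
    return vma;
}

int main(void)
{
    uint64_t start = tag_addr(0x25000, 0x2a); /* inside the gap */
    uint64_t end = tag_addr(0x28000, 0x2a);

    printf("caller-side check, tagged end: %s\n",
           range_has_vma_caller_check(start, end) ? "has vma (wrong)" : "no vma");
    printf("range-aware lookup, tagged end: %s\n",
           find_vma_in_range(start, end) ? "has vma" : "no vma (correct)");
    return 0;
}
```

The same tagged range [0x25000, 0x28000) in the gap is reported as having a vma by the caller-side check and correctly rejected by the range-aware lookup; an untagged 'end' makes both agree.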
