lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3c92db94-3b62-a70b-8ace-f5e34e8f268f@molgen.mpg.de>
Date:   Fri, 24 Jul 2020 23:19:59 +0200
From:   Paul Menzel <pmenzel@...gen.mpg.de>
To:     Kees Cook <keescook@...omium.org>
Cc:     Mazin Rezk <mnrzk@...tonmail.com>, linux-kernel@...r.kernel.org,
        amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Christian König <christian.koenig@....com>,
        Harry Wentland <Harry.Wentland@....com>,
        Nicholas Kazlauskas <nicholas.kazlauskas@....com>,
        sunpeng.li@....com, Alexander Deucher <Alexander.Deucher@....com>,
        1i5t5.duncan@....net, mphantomx@...oo.com.br,
        regressions@...mhuis.info, anthony.ruhier@...il.com
Subject: Re: [PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free


Dear Kees,


Am 24.07.20 um 19:33 schrieb Kees Cook:
> On Fri, Jul 24, 2020 at 09:45:18AM +0200, Paul Menzel wrote:
>> Am 24.07.20 um 00:32 schrieb Kees Cook:
>>> On Thu, Jul 23, 2020 at 09:10:15PM +0000, Mazin Rezk wrote:
>> As Linux 5.8-rc7 is going to be released this Sunday, I wonder, if commit
>> 3202fa62f ("slub: relocate freelist pointer to middle of object") should be
>> reverted for now to fix the regression for the users according to Linux’ no
>> regression policy. Once the AMDGPU/DRM driver issue is fixed, it can be
>> reapplied. I know it’s not optimal, but as some testing is going to be
>> involved for the fix, I’d argue it’s the best option for the users.
> 
> Well, the SLUB defense was already released in v5.7, so I'm not sure it
> really helps for amdgpu_dm users seeing it there too.

In my opinion, it would help, as the stable release could pick up the 
revert, ones it’s in Linus’ master branch.

> There was a fix to disable the async path for this driver that worked
> around the bug too, yes? That seems like a safer and more focused
> change that doesn't revert the SLUB defense for all users, and would
> actually provide a complete, I think, workaround whereas reverting
> the SLUB change means the race still exists. For example, it would be
> hit with slab poisoning, etc.

I do not know. If there is such a fix, that would be great. But if you 
do not know, how should a normal user? ;-)


Kind regards,

Paul


Kind regards,

Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ