lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAAhV-H5TKLMi0GSQmh9RFK_k5eNRwx8AE8MjMKjJfbnyVYP-+w@mail.gmail.com>
Date:   Tue, 17 Aug 2021 09:53:14 +0800
From:   Huacai Chen <chenhuacai@...il.com>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Davidlohr Bueso <dave@...olabs.net>,
        Huacai Chen <chenhuacai@...ngson.cn>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Darren Hart <dvhart@...radead.org>,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        "open list:MIPS" <linux-mips@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Xuefeng Li <lixuefeng@...ngson.cn>,
        Jiaxun Yang <jiaxun.yang@...goat.com>,
        Hongchen Zhang <zhanghongchen@...ngson.cn>
Subject: Re: [PATCH] futex: Fix fault_in_user_writeable()

Hi, Davidlohr and Thomas,

On Tue, Aug 17, 2021 at 3:03 AM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> On Mon, Aug 16 2021 at 11:27, Davidlohr Bueso wrote:
> > On Mon, 16 Aug 2021, Huacai Chen wrote:
> >
> >>fault_in_user_writeable() should verify R/W access but only verify W. In
> >>most archs W implies R, but not true in MIPS and LoongArch, so fix it.
> >
> > Yuck for a find_vma() in futex.c. If this is a problem in MIPS, shouldn't
> > the fix be there? Furthermore it's stated that fault_in_user_writeable():
> >
> > "Fault in user address and verify RW access"
>
> That seems to be wishful thinking given the fact that some architectures
> do not imply R for FLAG_FAULT_WRITE.
>
> > And you guys seem to have proposed it already:
> >
> > https://lore.kernel.org/linux-mips/20200630005845.1239974-1-liulichao@loongson.cn/
This works, but I don't think this is a MIPS problem, so does Thomas
Bogendoerfer. Because write-only page is valid in MIPS (so Thomas
rejected this patch).

>
> That's surely one way to fix that. If that does not work for whatever
> reason, then we really don't want this find_vma() hack there, but rather
> something like:
I don't know why find_vma() is unacceptable here, there is also
find_vma() in fixup_user_fault().

>
>     if (IS_ENABLED(CONFIG_ARCH_USER_FAULT_VOODOO) && get_user(&tmp, uaddr))
>         return -EFAULT;
get_user() may be better than find_vma(), but can we drop
CONFIG_ARCH_USER_FAULT_VOODOO here? On those "W implies R" archs,
get_user() always success, this can simplify the logic.

Huacai

>
> Thanks,
>
>         tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ