| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Sep 2021 08:28:34 -0700
From: Suren Baghdasaryan <surenb@...gle.com>
To: Michal Hocko <mhocko@...e.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Colin Cross <ccross@...gle.com>,
Sumit Semwal <sumit.semwal@...aro.org>,
Dave Hansen <dave.hansen@...el.com>,
Kees Cook <keescook@...omium.org>,
Matthew Wilcox <willy@...radead.org>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Vlastimil Babka <vbabka@...e.cz>,
Johannes Weiner <hannes@...xchg.org>,
Jonathan Corbet <corbet@....net>,
Al Viro <viro@...iv.linux.org.uk>,
Randy Dunlap <rdunlap@...radead.org>,
Kalesh Singh <kaleshsingh@...gle.com>,
Peter Xu <peterx@...hat.com>, rppt@...nel.org,
Peter Zijlstra <peterz@...radead.org>,
Catalin Marinas <catalin.marinas@....com>,
vincenzo.frascino@....com,
Chinwen Chang (張錦文)
<chinwen.chang@...iatek.com>,
Axel Rasmussen <axelrasmussen@...gle.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Jann Horn <jannh@...gle.com>, apopple@...dia.com,
John Hubbard <jhubbard@...dia.com>,
Yu Zhao <yuzhao@...gle.com>, Will Deacon <will@...nel.org>,
fenghua.yu@...el.com, thunder.leizhen@...wei.com,
Hugh Dickins <hughd@...gle.com>, feng.tang@...el.com,
Jason Gunthorpe <jgg@...pe.ca>, Roman Gushchin <guro@...com>,
Thomas Gleixner <tglx@...utronix.de>, krisman@...labora.com,
chris.hyser@...cle.com, Peter Collingbourne <pcc@...gle.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Jens Axboe <axboe@...nel.dk>, legion@...nel.org,
Rolf Eike Beer <eb@...ix.com>,
Muchun Song <songmuchun@...edance.com>,
Viresh Kumar <viresh.kumar@...aro.org>,
Thomas Cedeno <thomascedeno@...gle.com>, sashal@...nel.org,
cxfcosmos@...il.com, Rasmus Villemoes <linux@...musvillemoes.dk>,
LKML <linux-kernel@...r.kernel.org>,
linux-fsdevel@...r.kernel.org, linux-doc@...r.kernel.org,
linux-mm <linux-mm@...ck.org>,
kernel-team <kernel-team@...roid.com>
Subject: Re: [PATCH v8 2/3] mm: add a field to store names for private
anonymous memory
On Wed, Sep 1, 2021 at 1:09 AM 'Michal Hocko' via kernel-team
<kernel-team@...roid.com> wrote:
>
> On Fri 27-08-21 12:18:57, Suren Baghdasaryan wrote:
> [...]
> > Userspace can set the name for a region of memory by calling
> > prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
> > Setting the name to NULL clears it.
>
> Maybe I am missing this part but I do not see this being handled
> anywhere.
It's handled in replace_vma_anon_name(). When name==NULL we call
free_vma_anon_name() which frees and resets anon_name pointer. Except
that, as you noticed, the check after strndup_user() will prevent NULL
to be passed here. I forgot to test this case after conversion to
strndup_user() and missed this important point. Thanks for pointing it
out. Will fix and retest.
>
> [...]
> > @@ -3283,5 +3283,16 @@ static inline int seal_check_future_write(int seals, struct vm_area_struct *vma)
> > return 0;
> > }
> >
> > +#ifdef CONFIG_ADVISE_SYSCALLS
> > +int madvise_set_anon_name(struct mm_struct *mm, unsigned long start,
> > + unsigned long len_in, const char *name);
> > +#else
> > +static inline int
> > +madvise_set_anon_name(struct mm_struct *mm, unsigned long start,
> > + unsigned long len_in, const char *name) {
> > + return 0;
> > +}
> > +#endif
>
> You want to make this depend on CONFIG_PROC_FS.
Ack.
>
> [...]
> > +#ifdef CONFIG_MMU
> > +
> > +#define ANON_VMA_NAME_MAX_LEN 64
> > +
> > +static int prctl_set_vma(unsigned long opt, unsigned long addr,
> > + unsigned long size, unsigned long arg)
> > +{
> > + struct mm_struct *mm = current->mm;
> > + char *name, *pch;
> > + int error;
> > +
> > + switch (opt) {
> > + case PR_SET_VMA_ANON_NAME:
> > + name = strndup_user((const char __user *)arg,
> > + ANON_VMA_NAME_MAX_LEN);
> > +
> > + if (IS_ERR(name))
> > + return PTR_ERR(name);
>
> unless I am missing something NULL name would lead to an error rather
> than a name clearing as advertised above.
Correct, I missed that. Will fix.
>
> > +
> > + for (pch = name; *pch != '\0'; pch++) {
> > + if (!isprint(*pch)) {
> > + kfree(name);
> > + return -EINVAL;
> > + }
> > + }
> > +
> > + mmap_write_lock(mm);
> > + error = madvise_set_anon_name(mm, addr, size, name);
> > + mmap_write_unlock(mm);
> > + kfree(name);
> > + break;
> > + default:
> > + error = -EINVAL;
> > + }
> > +
> > + return error;
> --
> Michal Hocko
> SUSE Labs
>
> --
> To unsubscribe from this group and stop receiving emails from it, send an email to kernel-team+unsubscribe@...roid.com.
>
Powered by blists - more mailing lists