lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 21 Oct 2021 11:02:14 -0500
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     <linux-kernel@...r.kernel.org>, Alexey Gladkov <legion@...nel.org>,
        Rune Kleveland <rune.kleveland@...omedia.dk>,
        Yu Zhao <yuzhao@...gle.com>,
        Jordan Glover <Golden_Miller83@...tonmail.ch>,
        Antoine Martin <antoine@...afix.co.uk>,
        David Howells <dhowells@...hat.com>,
        Jarkko Sakkinen <jarkko@...nel.org>
Subject: [GIT PULL] ucount fixes for v5.15


Linus,

Please pull the ucount-fixes-for-v5.15 branch from the git tree:

  git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git ucount-fixes-for-v5.15

  HEAD: 5ebcbe342b1c12fae44b4f83cbeae1520e09857e ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring

There has been one very hard to track down bug in the ucount code that
we have been tracking since roughly v5.14 was released.  Alex managed to
find a reliable reproducer a few days ago and then I was able to
instrument the code and figure out what the issue was.

It turns out the sigqueue_alloc single atomic operation optimization did
not play nicely with ucounts multiple level rlimits.  It turned out that
either sigqueue_alloc or sigqueue_free could be operating on multiple
levels and trigger the conditions for the optimization on more than one
level at the same time.

To deal with that situation I have introduced inc_rlimit_get_ucounts
and dec_rlimit_put_ucounts that just focuses on the optimization and
the rlimit and ucount changes.

While looking into the big bug I found I couple of other little issues
so I am including those fixes here as well.


When I have time I would very much like to dig into process ownership of
the shared signal queue and see if we could pick a single owner for the
entire queue so that all of the rlimits can count to that owner.  Which
should entirely remove the need to call get_ucounts and put_ucounts
in sigqueue_alloc and sigqueue_free.  It is difficult because Linux
unlike POSIX supports setuid that works on a single thread.

Eric W. Biederman (4):
      ucounts: Fix signal ucount refcounting
      ucounts: Pair inc_rlimit_ucounts with dec_rlimit_ucoutns in commit_creds
      ucounts: Proper error handling in set_cred_ucounts
      ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring

 kernel/cred.c                | 9 ++++-----
 security/keys/process_keys.c | 8 ++++++++
 2 files changed, 12 insertions(+), 5 deletions(-)

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ