| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 5 Mar 2022 13:26:35 +0800
From: Tianchen Ding <dtcccc@...ux.alibaba.com>
To: Marco Elver <elver@...gle.com>
Cc: Alexander Potapenko <glider@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
kasan-dev@...glegroups.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 1/2] kfence: Allow re-enabling KFENCE after system
startup
On 2022/3/5 02:13, Marco Elver wrote:
> On Thu, 3 Mar 2022 at 04:15, Tianchen Ding <dtcccc@...ux.alibaba.com> wrote:
>>
>> If once KFENCE is disabled by:
>> echo 0 > /sys/module/kfence/parameters/sample_interval
>> KFENCE could never be re-enabled until next rebooting.
>>
>> Allow re-enabling it by writing a positive num to sample_interval.
>>
>> Signed-off-by: Tianchen Ding <dtcccc@...ux.alibaba.com>
>
> The only problem I see with this is if KFENCE was disabled because of
> a KFENCE_WARN_ON(). See below.
>
>> ---
>> mm/kfence/core.c | 16 ++++++++++++++--
>> 1 file changed, 14 insertions(+), 2 deletions(-)
>>
>> diff --git a/mm/kfence/core.c b/mm/kfence/core.c
>> index 13128fa13062..19eb123c0bba 100644
>> --- a/mm/kfence/core.c
>> +++ b/mm/kfence/core.c
>> @@ -55,6 +55,7 @@ EXPORT_SYMBOL_GPL(kfence_sample_interval); /* Export for test modules. */
>> #endif
>> #define MODULE_PARAM_PREFIX "kfence."
>>
>> +static int kfence_enable_late(void);
>> static int param_set_sample_interval(const char *val, const struct kernel_param *kp)
>> {
>> unsigned long num;
>> @@ -65,10 +66,11 @@ static int param_set_sample_interval(const char *val, const struct kernel_param
>>
>> if (!num) /* Using 0 to indicate KFENCE is disabled. */
>> WRITE_ONCE(kfence_enabled, false);
>> - else if (!READ_ONCE(kfence_enabled) && system_state != SYSTEM_BOOTING)
>> - return -EINVAL; /* Cannot (re-)enable KFENCE on-the-fly. */
>>
>> *((unsigned long *)kp->arg) = num;
>> +
>> + if (num && !READ_ONCE(kfence_enabled) && system_state != SYSTEM_BOOTING)
>
> Should probably have an 'old_sample_interval = *((unsigned long
> *)kp->arg)' somewhere before, and add a '&& !old_sample_interval',
> because if old_sample_interval!=0 then KFENCE was disabled due to a
> KFENCE_WARN_ON(). Also in this case, it should return -EINVAL. So you
> want a flow like this:
>
> old_sample_interval = ...;
> ...
> if (num && !READ_ONCE(kfence_enabled) && system_state != SYSTEM_BOOTING)
> return old_sample_interval ? -EINVAL : kfence_enable_late();
> ...
>
Because sample_interval will used by delayed_work, we must put setting
sample_interval before enabling KFENCE.
So the order would be:
old_sample_interval = sample_interval;
sample_interval = num;
if (...) kfence_enable_late();
This may be bypassed after KFENCE_WARN_ON() happens, if we first write
0, and then write 100 to it.
How about this one:
if (ret < 0)
return ret;
+ /* Cannot set sample_interval after KFENCE_WARN_ON(). */
+ if (unlikely(*((unsigned long *)kp->arg) && !READ_ONCE(kfence_enabled)))
+ return -EINVAL;
+
if (!num) /* Using 0 to indicate KFENCE is disabled. */
WRITE_ONCE(kfence_enabled, false);
> Thanks,
> -- Marco
Powered by blists - more mailing lists