lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZEZ117OMCi0dFXqY@nvidia.com>
Date:   Mon, 24 Apr 2023 09:28:07 -0300
From:   Jason Gunthorpe <jgg@...dia.com>
To:     Lorenzo Stoakes <lstoakes@...il.com>
Cc:     Christoph Hellwig <hch@...radead.org>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jens Axboe <axboe@...nel.dk>,
        Matthew Wilcox <willy@...radead.org>,
        Dennis Dalessandro <dennis.dalessandro@...nelisnetworks.com>,
        Leon Romanovsky <leon@...nel.org>,
        Christian Benvenuti <benve@...co.com>,
        Nelson Escobar <neescoba@...co.com>,
        Bernard Metzler <bmt@...ich.ibm.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Ian Rogers <irogers@...gle.com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        Bjorn Topel <bjorn@...nel.org>,
        Magnus Karlsson <magnus.karlsson@...el.com>,
        Maciej Fijalkowski <maciej.fijalkowski@...el.com>,
        Jonathan Lemon <jonathan.lemon@...il.com>,
        "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Christian Brauner <brauner@...nel.org>,
        Richard Cochran <richardcochran@...il.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Jesper Dangaard Brouer <hawk@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        linux-fsdevel@...r.kernel.org, linux-perf-users@...r.kernel.org,
        netdev@...r.kernel.org, bpf@...r.kernel.org,
        Oleg Nesterov <oleg@...hat.com>
Subject: Re: [PATCH v2] mm/gup: disallow GUP writing to file-backed mappings
 by default

On Mon, Apr 24, 2023 at 11:17:55AM +0100, Lorenzo Stoakes wrote:
> On Mon, Apr 24, 2023 at 02:43:56AM -0700, Christoph Hellwig wrote:
> > I'm pretty sure DIRECT I/O reads that write into file backed mappings
> > are out there in the wild.

I wonder if that is really the case? I know people tried this with
RDMA and it didn't get very far before testing uncovered data
corruption and kernel crashes.. Maybe O_DIRECT has a much smaller race
window so people can get away with it?

> I know Jason is keen on fixing this at a fundamental level and this flag is
> ultimately his suggestion, so it certainly doesn't stand in the way of this
> work moving forward.

Yeah, the point is to close it off, because while we wish it was
fixed properly, it isn't. We are still who knows how far away from it.

In the mean time this is a fairly simple way to oops the kernel,
especially with cases like io_uring and RDMA. So, I view it as a
security problem.

My general dislike was that io_uring protected itself from the
security problem and we left all the rest of the GUP users out to dry.

So, my suggestion was to mark the places where we want to allow this,
eg O_DIRECT, and block everwhere else. Lorenzo, I would significantly
par back the list you have.

I also suggest we force block it at some kernel lockdown level..

Alternatively, perhaps we abuse FOLL_LONGTERM and prevent it from
working with filebacked pages since, I think, the ease of triggering a
bug goes up the longer the pages are pinned.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ