Date:   Thu, 15 Jun 2023 22:00:04 +0200
From:   Michał Mirosław <emmir@...gle.com>
To:     Muhammad Usama Anjum <usama.anjum@...labora.com>
Cc:     Peter Xu <peterx@...hat.com>, David Hildenbrand <david@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andrei Vagin <avagin@...il.com>,
        Danylo Mocherniuk <mdanylo@...gle.com>,
        Paul Gofman <pgofman@...eweavers.com>,
        Cyrill Gorcunov <gorcunov@...il.com>,
        Mike Rapoport <rppt@...nel.org>, Nadav Amit <namit@...are.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Shuah Khan <shuah@...nel.org>,
        Christian Brauner <brauner@...nel.org>,
        Yang Shi <shy828301@...il.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        "Liam R . Howlett" <Liam.Howlett@...cle.com>,
        Yun Zhou <yun.zhou@...driver.com>,
        Suren Baghdasaryan <surenb@...gle.com>,
        Alex Sierra <alex.sierra@....com>,
        Matthew Wilcox <willy@...radead.org>,
        Pasha Tatashin <pasha.tatashin@...een.com>,
        Axel Rasmussen <axelrasmussen@...gle.com>,
        "Gustavo A . R . Silva" <gustavoars@...nel.org>,
        Dan Williams <dan.j.williams@...el.com>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-mm@...ck.org, linux-kselftest@...r.kernel.org,
        Greg KH <gregkh@...uxfoundation.org>, kernel@...labora.com
Subject: Re: [PATCH v18 2/5] fs/proc/task_mmu: Implement IOCTL to get and
 optionally clear info about PTEs

On Thu, 15 Jun 2023 at 17:16, Muhammad Usama Anjum
<usama.anjum@...labora.com> wrote:
>
> Please review the v19. I hope to get your Reviewed-by tag soon.
>
> On 6/15/23 7:58 PM, Michał Mirosław wrote:
> > On Thu, 15 Jun 2023 at 16:52, Michał Mirosław <emmir@...gle.com> wrote:
> >> On Thu, 15 Jun 2023 at 15:58, Muhammad Usama Anjum
> >> <usama.anjum@...labora.com> wrote:
> >>> I'll send next revision now.
> >>> On 6/14/23 11:00 PM, Michał Mirosław wrote:
> >>>> (A quick reply to answer open questions in case they help the next version.)
> >>>>
> >>>> On Wed, 14 Jun 2023 at 19:10, Muhammad Usama Anjum
> >>>> <usama.anjum@...labora.com> wrote:
> >>>>> On 6/14/23 8:14 PM, Michał Mirosław wrote:
> >>>>>> On Wed, 14 Jun 2023 at 15:46, Muhammad Usama Anjum
> >>>>>> <usama.anjum@...labora.com> wrote:
> >>>>>>>
> >>>>>>> On 6/14/23 3:36 AM, Michał Mirosław wrote:
> >>>>>>>> On Tue, 13 Jun 2023 at 12:29, Muhammad Usama Anjum
> >>>>>>>> <usama.anjum@...labora.com> wrote:
> >>>>>>>> For flags name: PM_REQUIRE_WRITE_ACCESS?
> >>>>>>>> Or is it intended to be checked only if doing WP (as the current name
> >>>>>>>> suggests) and so it would be redundant as WP currently requires
> >>>>>>>> `p->required_mask = PAGE_IS_WRITTEN`?
> >>>>>>> This is intended to indicate if userfaultfd is needed. If
> >>>>>>> PAGE_IS_WRITTEN is mentioned in any of mask, we need to check if
> >>>>>>> userfaultfd has been initialized for this memory. I'll rename to
> >>>>>>> PM_SCAN_REQUIRE_UFFD.
> >>>>>>
> >>>>>> Why do we need that check? Wouldn't `is_written = false` work for vmas
> >>>>>> not registered via uffd?
> >>>>> UFFD_FEATURE_WP_ASYNC and UNPOPULATED need to be set on the memory region
> >>>>> for it to report correct written values on the memory region. Without UFFD
> >>>>> WP ASYNC and UNPOPULATED defined on the memory, we consider UFFD_WP state
> >>>>> undefined. If user hasn't initialized memory with UFFD, he has no right to
> >>>>> set is_written = false.
> >>>>
> >>>> How about calculating `is_written = is_uffd_registered() &&
> >>>> is_uffd_wp()`? This would enable a user to apply GET+WP for the whole
> >>>> address space of a process regardless of whether all of it is
> >>>> registered.
> >>> I wouldn't want to check if uffd is registered again and again. This is why
> >>> we are doing it only once every walk in pagemap_scan_test_walk().
> >>
> >> There is no need to do the checks repeatedly. If I understand the code
> >> correctly, uffd registration is per-vma, so it can be communicated
> >> from test_walk to entry/hole callbacks via a field in
> >> pagemap_scan_private.
> >
> > Actually... this could be exposed as a page category for the filter
> > (e.g. PAGE_USES_UFFD_WP) and then you could just make the ioctl() to
> > work for your usecase without tracking the ranges at the userspace
> > side.
> I'm not sure about page category. AFAIK the current check isn't bad when we
> already mention in documentation that memory must be registered with UFFD
> WP before using write feature of the IOCTL.

You could relax the (documentation) rule to be "WP works only on
ranges registered via UFFD for ASYNC_WP". That way you allow people
who don't read documentation to shoot their foot, but don't block
people that know what they are doing from exploiting the nice feature
that they don't need to track all the WP-registered ranges calling the
ioctl() for each one and instead can just call it once for the whole
address space.

Best Regards
Michał Mirosław
