lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <66c72938-912c-5167-fdb1-bffefe1db0c9@linux.alibaba.com>
Date:   Thu, 15 Jun 2023 17:08:31 +0800
From:   Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To:     Jarkko Sakkinen <jarkko@...nel.org>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
        Paul Moore <paul@...l-moore.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] integrity: Fix possible multiple allocation in
 integrity_inode_get()

Hi Jarkko,

On 6/9/23 10:24 PM, Jarkko Sakkinen wrote:
> On Thu Jun 1, 2023 at 9:42 AM EEST, Tianjia Zhang wrote:
>> When integrity_inode_get() is querying and inserting the cache, there
>> is a conditional race in the concurrent environment.
>>
>> The race condition is the result of not properly implementing
>> "double-checked locking". In this case, it first checks to see if the
>> iint cache record exists before taking the lock, but doesn't check
>> again after taking the integrity_iint_lock.
>>
>> Fixes: bf2276d10ce5 ("ima: allocating iint improvements")
>> Signed-off-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
>> Cc: Dmitry Kasatkin <dmitry.kasatkin@...il.com>
>> Cc: <stable@...r.kernel.org> # v3.10+
> 
> s/v3.10/v4.14/
> 
> I.e. cover only currently maintained longterms, right?
> 

Yes, the race condition was indeed introduced in 3.10, but the fix is
estimated to only cover the LTS version.

> 
>> ---
>>   security/integrity/iint.c | 15 +++++++++------
>>   1 file changed, 9 insertions(+), 6 deletions(-)
>>
>> diff --git a/security/integrity/iint.c b/security/integrity/iint.c
>> index c73858e8c6d5..a462df827de2 100644
>> --- a/security/integrity/iint.c
>> +++ b/security/integrity/iint.c
>> @@ -43,12 +43,10 @@ static struct integrity_iint_cache *__integrity_iint_find(struct inode *inode)
>>   		else if (inode > iint->inode)
>>   			n = n->rb_right;
>>   		else
>> -			break;
>> +			return iint;
>>   	}
>> -	if (!n)
>> -		return NULL;
>>   
>> -	return iint;
>> +	return NULL;
>>   }
>>   
>>   /*
>> @@ -113,10 +111,15 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode)
>>   		parent = *p;
>>   		test_iint = rb_entry(parent, struct integrity_iint_cache,
>>   				     rb_node);
>> -		if (inode < test_iint->inode)
>> +		if (inode < test_iint->inode) {
>>   			p = &(*p)->rb_left;
>> -		else
>> +		} else if (inode > test_iint->inode) {
>>   			p = &(*p)->rb_right;
>> +		} else {
>> +			write_unlock(&integrity_iint_lock);
>> +			kmem_cache_free(iint_cache, iint);
>> +			return test_iint;
>> +		}
>>   	}
>>   
>>   	iint->inode = inode;
>> -- 
>> 2.24.3 (Apple Git-128)
> 
> Mimi, are you picking this?

Mimi has picked this patch in next-integrity.

> 
> Off-topic: how do you compile kernel on macOS, you're using VM right?
> I'm just interested because I recently bought Mac mini for both
> compiling and testing arm64. Optimal would be to be able to compile
> the kernel on bare metal and then deploy to a VM...
> 

I am currently only coding and sending the final patch on a Mac.
Compilation and testing are still carried out in the linux environment.
If you have experience in launching a linux VM on macOS, please share it
with me, thanks.

Best regards,
Tianjia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ