Date: Tue, 7 May 2024 12:10:07 +0200
From: Christian König <christian.koenig@....com>
To: "T.J. Mercier" <tjmercier@...gle.com>,
 Charan Teja Kalla <quic_charante@...cinc.com>
Cc: zhiguojiang <justinjiang@...o.com>, Sumit Semwal
 <sumit.semwal@...aro.org>, linux-media@...r.kernel.org,
 dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org,
 linux-kernel@...r.kernel.org, opensource.kernel@...o.com
Subject: Re: [PATCH] dmabuf: fix dmabuf file poll uaf issue

On 06.05.24 at 21:04, T.J. Mercier wrote:
> On Mon, May 6, 2024 at 2:30 AM Charan Teja Kalla
> <quic_charante@...cinc.com> wrote:
>> Hi TJ,
>>
>> Seems I have got answers from [1], where it is agreed upon epoll() is
>> the source of issue.
>>
>> Thanks a lot for the discussion.
>>
>> [1] https://lore.kernel.org/lkml/0000000000002d631f0615918f1e@google.com/
>>
>> Thanks
>> Charan
> Oh man, quite a set of threads on this over the weekend. Thanks for the link.

Yeah, and it also has an interesting side conclusion: we should 
probably tell people to stop using DMA-buf with epoll.

The background is that the mutex approach epoll uses to make files 
disappear from the interest list on close results in the fact that each 
file can only be part of a single epoll at a time.

Now since DMA-buf is built around the idea that we share the buffer 
representation as a file between processes, it means that only one process 
at a time can use epoll with each DMA-buf.

So for example if a window manager uses epoll everything is fine. If a 
client is using epoll everything is fine as well. But if *both* use 
epoll at the same time it won't work.

This can lead to rather funny and hard to debug combinations of failures 
and I think we need to document this limitation and explicitly point it out.

Regards,
Christian.
