| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240611115133.fa80466e924ad34ed4ad73cb@linux-foundation.org> Date: Tue, 11 Jun 2024 11:51:33 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Aleksandr Nogikh <nogikh@...gle.com> Cc: dvyukov@...gle.com, andreyknvl@...il.com, arnd@...db.de, elver@...gle.com, glider@...gle.com, syzkaller@...glegroups.com, kasan-dev@...glegroups.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH] kcov: don't lose track of remote references during softirqs On Tue, 11 Jun 2024 15:32:29 +0200 Aleksandr Nogikh <nogikh@...gle.com> wrote: > In kcov_remote_start()/kcov_remote_stop(), we swap the previous KCOV > metadata of the current task into a per-CPU variable. However, the > kcov_mode_enabled(mode) check is not sufficient in the case of remote > KCOV coverage: current->kcov_mode always remains KCOV_MODE_DISABLED > for remote KCOV objects. > > If the original task that has invoked the KCOV_REMOTE_ENABLE ioctl > happens to get interrupted and kcov_remote_start() is called, it > ultimately leads to kcov_remote_stop() NOT restoring the original > KCOV reference. So when the task exits, all registered remote KCOV > handles remain active forever. > > Fix it by introducing a special kcov_mode that is assigned to the > task that owns a KCOV remote object. It makes kcov_mode_enabled() > return true and yet does not trigger coverage collection in > __sanitizer_cov_trace_pc() and write_comp_data(). What are the userspace visible effects of this bug? I *think* it's just an efficiency thing, but how significant? In other words, should we backport this fix?
Powered by blists - more mailing lists