lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7c3bfb87-40e8-45ef-86a7-53f02053d9b3@csgroup.eu>
Date: Wed, 25 Sep 2024 09:09:00 +0200
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Vincenzo Frascino <vincenzo.frascino@....com>,
 linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-mm@...ck.org
Cc: Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
 "Jason A . Donenfeld" <Jason@...c4.com>,
 Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>,
 Naveen N Rao <naveen@...nel.org>, Ingo Molnar <mingo@...hat.com>,
 Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
 "H . Peter Anvin" <hpa@...or.com>, Theodore Ts'o <tytso@....edu>,
 Arnd Bergmann <arnd@...db.de>, Andrew Morton <akpm@...ux-foundation.org>,
 Steven Rostedt <rostedt@...dmis.org>, Masami Hiramatsu
 <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
Subject: Re: [PATCH v2 8/8] vdso: Modify getrandom to include the correct
 namespace.



Le 23/09/2024 à 16:19, Vincenzo Frascino a écrit :
> The VDSO implementation includes headers from outside of the
> vdso/ namespace.
> 
> Modify getrandom to take advantage of the refactoring done in the
> previous patches and to include only the vdso/ namespace.
> 
> Cc: Andy Lutomirski <luto@...nel.org>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Jason A. Donenfeld <Jason@...c4.com>
> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@....com>
> ---
>   include/vdso/datapage.h |  1 +
>   lib/vdso/getrandom.c    | 22 +++++++++++-----------
>   2 files changed, 12 insertions(+), 11 deletions(-)
> 
> diff --git a/include/vdso/datapage.h b/include/vdso/datapage.h
> index b7d6c71f20c1..127f0c51bf01 100644
> --- a/include/vdso/datapage.h
> +++ b/include/vdso/datapage.h
> @@ -5,6 +5,7 @@
>   #ifndef __ASSEMBLY__
>   
>   #include <linux/compiler.h>
> +#include <linux/build_bug.h>

What in this datapage.h requires this build_bug header ?

>   #include <uapi/linux/time.h>
>   #include <uapi/linux/types.h>
>   #include <uapi/asm-generic/errno-base.h>
> diff --git a/lib/vdso/getrandom.c b/lib/vdso/getrandom.c
> index 938ca539aaa6..e15d3cf768c9 100644
> --- a/lib/vdso/getrandom.c
> +++ b/lib/vdso/getrandom.c
> @@ -3,19 +3,19 @@
>    * Copyright (C) 2022-2024 Jason A. Donenfeld <Jason@...c4.com>. All Rights Reserved.
>    */
>   
> -#include <linux/array_size.h>
> -#include <linux/minmax.h>
>   #include <vdso/datapage.h>
>   #include <vdso/getrandom.h>
>   #include <vdso/unaligned.h>
> -#include <asm/vdso/getrandom.h>
> -#include <uapi/linux/mman.h>
> -#include <uapi/linux/random.h>
> +#include <vdso/mman.h>

This change is not needed, asm/vdso/getrandom.h is in VDSO namespace, 
and the other two are UAPI headers which must be safe to include in VDSO 
code as VDSO code in userland code.

> +#include <vdso/page.h>
>   
> -#undef PAGE_SIZE
> -#undef PAGE_MASK
> -#define PAGE_SIZE (1UL << CONFIG_PAGE_SHIFT)
> -#define PAGE_MASK (~(PAGE_SIZE - 1))
> +#ifndef ARRAY_SIZE
> +#define ARRAY_SIZE(x)	(sizeof(x) / sizeof(*x))
> +#endif
> +
> +#ifndef min_t
> +#define min_t(type,a,b)	((type)(a) < (type)(b) ? (type)(a) : (type)(b))
> +#endif

Would be better to force undefine/redefine ARRAY_SIZE and min_t instead 
of defining them only when they don't exist already.

>   
>   #define MEMCPY_AND_ZERO_SRC(type, dst, src, len) do {				\
>   	while (len >= sizeof(type)) {						\
> @@ -79,8 +79,8 @@ __cvdso_getrandom_data(const struct vdso_rng_data *rng_info, void *buffer, size_
>   	if (unlikely(opaque_len == ~0UL && !buffer && !len && !flags)) {
>   		struct vgetrandom_opaque_params *params = opaque_state;
>   		params->size_of_opaque_state = sizeof(*state);
> -		params->mmap_prot = PROT_READ | PROT_WRITE;
> -		params->mmap_flags = MAP_DROPPABLE | MAP_ANONYMOUS;
> +		params->mmap_prot = VDSO_MMAP_PROT;
> +		params->mmap_flags = VDSO_MMAP_FLAGS;

At the time being the flags and prot are the same for all architectures, 
there is no point in introducing VDSO_MMAP_PROT and VDSO_MMAP_FLAGS. 
Maybe one day that may be needed, but until that day nothing should be 
changed, unless you already have in mind and describe an architecture 
that will need that.

Christophe

>   		for (size_t i = 0; i < ARRAY_SIZE(params->reserved); ++i)
>   			params->reserved[i] = 0;
>   		return 0;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ