[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241002100555.0b269e16@gandalf.local.home>
Date: Wed, 2 Oct 2024 10:05:55 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Florian Weimer <fweimer@...hat.com>
Cc: Indu Bhagat <indu.bhagat@...cle.com>, Josh Poimboeuf
<jpoimboe@...nel.org>, x86@...nel.org, Peter Zijlstra
<peterz@...radead.org>, Ingo Molnar <mingo@...nel.org>, Arnaldo Carvalho de
Melo <acme@...nel.org>, linux-kernel@...r.kernel.org, Mark Rutland
<mark.rutland@....com>, Alexander Shishkin
<alexander.shishkin@...ux.intel.com>, Jiri Olsa <jolsa@...nel.org>,
Namhyung Kim <namhyung@...nel.org>, Ian Rogers <irogers@...gle.com>, Adrian
Hunter <adrian.hunter@...el.com>, linux-perf-users@...r.kernel.org, Mark
Brown <broonie@...nel.org>, linux-toolchains@...r.kernel.org, Jordan Rome
<jordalgo@...a.com>, Sam James <sam@...too.org>
Subject: Re: [PATCH v2 03/11] unwind: Introduce SFrame user space unwinding
On Wed, 02 Oct 2024 10:18:21 +0200
Florian Weimer <fweimer@...hat.com> wrote:
>
> I don't quite understand, sorry.
>
> Doing a binary search on an unordered table fails to find some entries
> that could be discovered by a linear scan. But an attacker could just
> as well use an incomplete table from the start. So assuming an ordered
> table seems rather unlikely to introduce additional problems. (Given
> the lack of a formal threat model, it's impossible to make more precise
> claims in either direction.)
Basically, the idea is if anything is out of place, scrap the entire
process. An unordered table can give unpredictable results, that could be
used latter as a gadget. If the kernel expects a sorted table and it ends
up not being sorted, it should automatically flag it as corrupt and stop
all processing.
The kernel doesn't need to scan the entire table each time to see if it is
sorted, that would kill the point of it being sorted in the first place.
But it can check that the values merge towards a correct answer. All it
needs to do is keep track of the current highest and lowest values, and if
it finds something outside that range, it should abort immediately.
The effort needed to validate is very low, so it should be done.
-- Steve
Powered by blists - more mailing lists