| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJuCfpHRTGvctcEwXHd1bpfUiFa=A--zKmVBJggB5D9huPEdSA@mail.gmail.com>
Date: Fri, 9 May 2025 09:10:01 -0700
From: Suren Baghdasaryan <surenb@...gle.com>
To: David Wang <00107082@....com>
Cc: kent.overstreet@...ux.dev, akpm@...ux-foundation.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] alloc_tag: add timestamp to codetag iterator
On Thu, May 8, 2025 at 10:52 PM David Wang <00107082@....com> wrote:
>
> Codetag iterator use <id,address> pair to guarantee the
> validness. But both id and address can be reused, there is
> theoretical possibility when module inserted right after
> another module removed, kmalloc return an address kfree by
> previous module and IDR key reuse the key recently removed.
>
> Add timestamp to codetag_module and code_iterator, the
> timestamp is generated by a clock which is strickly
> incremented whenever a module is loaded. An iterator is
> valid if and only if its timestamp match codetag_module's.
>
> Signed-off-by: David Wang <00107082@....com>
> ---
> include/linux/codetag.h | 1 +
> lib/codetag.c | 12 ++++++++++--
> 2 files changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/codetag.h b/include/linux/codetag.h
> index d14dbd26b370..61d43c3fbd19 100644
> --- a/include/linux/codetag.h
> +++ b/include/linux/codetag.h
> @@ -54,6 +54,7 @@ struct codetag_iterator {
> struct codetag_module *cmod;
> unsigned long mod_id;
> struct codetag *ct;
> + unsigned long timestamp;
The way you implement this, it is not really a timestamp, more like a
unique id or sequence number. I would suggest calling it mod_seq or
something similar. Maybe: cttype->next_mod_seq, iter->mod_seq and
cmod->mod_seq.
> };
>
> #ifdef MODULE
> diff --git a/lib/codetag.c b/lib/codetag.c
> index 42aadd6c1454..973bfa5dd5db 100644
> --- a/lib/codetag.c
> +++ b/lib/codetag.c
> @@ -13,6 +13,8 @@ struct codetag_type {
> struct idr mod_idr;
> struct rw_semaphore mod_lock; /* protects mod_idr */
The comment above should be expanded to say that mod_lock also
protects accesses to cttype->clock, iter->timestamp and
cmod->timestamp.
> struct codetag_type_desc desc;
> + /* generates timestamp for module load */
> + unsigned long clock;
> };
>
> struct codetag_range {
> @@ -23,6 +25,7 @@ struct codetag_range {
> struct codetag_module {
> struct module *mod;
> struct codetag_range range;
> + unsigned long timestamp;
> };
>
> static DEFINE_MUTEX(codetag_lock);
> @@ -48,6 +51,7 @@ struct codetag_iterator codetag_get_ct_iter(struct codetag_type *cttype)
> .cmod = NULL,
> .mod_id = 0,
> .ct = NULL,
> + .timestamp = 0,
> };
>
> return iter;
> @@ -91,11 +95,13 @@ struct codetag *codetag_next_ct(struct codetag_iterator *iter)
> if (!cmod)
> break;
>
> - if (cmod != iter->cmod) {
> + if (!iter->cmod || iter->timestamp != cmod->timestamp) {
> iter->cmod = cmod;
> + iter->timestamp = cmod->timestamp;
> ct = get_first_module_ct(cmod);
> - } else
> + } else {
> ct = get_next_module_ct(iter);
> + }
>
> if (ct)
> break;
> @@ -190,6 +196,8 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod)
> cmod->range = range;
>
> down_write(&cttype->mod_lock);
> + cttype->clock++;
> + cmod->timestamp = cttype->clock;
> err = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL);
> if (err >= 0) {
> cttype->count += range_size(cttype, &range);
> --
> 2.39.2
>
Powered by blists - more mailing lists