Message-ID: <CAHC9VhR5a8Wuj9hkgj2AgCGzk-3dmSHDoMr7AY1qOtLaPbj01Q@mail.gmail.com>
Date: Tue, 20 May 2025 19:46:46 -0400
From: Paul Moore <paul@...l-moore.com>
To: Christian Göttsche <cgzones@...glemail.com>
Cc: Cai Xinchen <caixinchen1@...wei.com>, linux-kernel@...r.kernel.org, 
	selinux@...r.kernel.org, stephen.smalley.work@...il.com, omosnace@...hat.com, 
	ericsu@...ux.microsoft.com
Subject: Re: [PATCH] SELinux: Add check for the user data passed to kcalloc in hashtab_init

On Tue, May 6, 2025 at 4:14 AM Christian Göttsche
<cgzones@...glemail.com> wrote:
> May 6, 2025 09:20:51 Cai Xinchen <caixinchen1@...wei.com>:
>
> > When the user writes some data to the file /sys/fs/selinux/policy,
> > there is no check for the user buf passed to kcalloc. Syzkaller shows
> > this warning:
> > WARNING: CPU: 1 PID: 6642 at mm/page_alloc.c
> >
> > __alloc_pages_noprof
> > ___kmalloc_large_node
> > __kmalloc_large_node_noprof
> > __kmalloc_noprof
> > hashtab_init
> > common_read
> > policydb_read
> > security_load_policy
> > sel_write_load
> > vfs_write
> > ksys_write
> > do_syscall_64
> >
> > This warning can be reproduced by writing this content to
> > /sys/fs/selinux/policy
> > 8cff7cf9 08000000 5345204c 696e7578 15000000 e0ff962a 08000000 07000000
> > 4cf523cd 7eec2688 6d70a6b7 c78b496f 1a0a192c ea34ff41 70581a74 3ff0cfb9
> > 7ea0f0d1 70d1fe14 41c2f7c8 ea1c78dd 17a19249 35210081 a83c30ec 4171450b
> > fc1de12c fe1ff342 a887
> >
> > Add check to prevent the size passed to kcalloc larger than MAX_PAGE_ORDER
> > after get_order.
>
> This might be similar to https://lore.kernel.org/selinux/20241216164055.96267-12-cgoettsche@seltendoof.de/
>
> I'll try to respin that patch set in time.

Or we just use _GFP_NOWARN which I believe should quiet the warning
without having to do a lot of extra work.

If someone wanted to track down all of the different allocations that
can be triggered from a policy load and mark them all as NOWARN, I
think that would be time well spent.

-- 
paul-moore.com
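
The size check proposed in the quoted patch description, modeled in user-space C as an added example (not code from the patch or from the kernel). `model_get_order` and `table_size_ok` are hypothetical names, and the 4 KiB page size and `MAX_PAGE_ORDER` of 10 are assumed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed values for this model: 4 KiB pages, MAX_PAGE_ORDER of 10. */
#define MODEL_PAGE_SHIFT     12
#define MODEL_MAX_PAGE_ORDER 10

/* Model of get_order(): smallest order with (PAGE_SIZE << order) >= size. */
static unsigned int model_get_order(uint64_t size)
{
    unsigned int order = 0;

    if (size == 0)
        return 0;
    size = (size - 1) >> MODEL_PAGE_SHIFT;
    while (size) {
        order++;
        size >>= 1;
    }
    return order;
}

/*
 * Hypothetical helper: returns 1 if a table of nel entries of elem_size
 * bytes fits in one allocation of at most MODEL_MAX_PAGE_ORDER, else 0.
 * nel stands for an element count read from an untrusted policy image.
 */
static int table_size_ok(uint32_t nel, size_t elem_size)
{
    if (elem_size == 0 || nel == 0)
        return 1;                       /* nothing to allocate */
    if (nel > UINT64_MAX / elem_size)
        return 0;                       /* multiplication would overflow */
    return model_get_order((uint64_t)nel * elem_size) <= MODEL_MAX_PAGE_ORDER;
}

int main(void)
{
    /* Constructed element counts, not taken from the reproducer above. */
    uint32_t samples[] = { 1, 512, 524288, 524289, 0x10000000u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("nel=%u order=%u ok=%d\n", samples[i],
               model_get_order((uint64_t)samples[i] * sizeof(void *)),
               table_size_ok(samples[i], sizeof(void *)));
    return 0;
}
```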
