| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 May 2013 18:08:05 +1000 From: Benjamin Herrenschmidt <benh@...nel.crashing.org> To: David Miller <davem@...emloft.net> Cc: eric.dumazet@...il.com, netdev@...r.kernel.org, paulus@...ba.org, ambrose@...gle.com, linuxppc-dev@...ts.ozlabs.org Subject: Re: [PATCH net-next] af_unix: fix a fatal race with bit fields On Wed, 2013-05-01 at 03:36 -0400, David Miller wrote: > From: Benjamin Herrenschmidt <benh@...nel.crashing.org> > Date: Wed, 01 May 2013 11:39:53 +1000 > > > I'm not even completely certain bytes are safe to be honest, though > > probably more than bitfields. I'll poke our compiler people. > > Older Alpha only has 32-bit and 64-bit loads and stores, so byte sized > accesses are not atomic, and therefore use racey read-modify-write > sequences. In this case it depends whether the compiler will "chose" the smaller (32-bit) size which hopefully won't overlap with the atomic/lock provided the latter is aligned... lots of if's here, makes me nervous... At least the bytes seem to fix it for ppc64 so far... It would make feel generally better if we could get gcc to guarantee us to always use the smallest access size that encompass the whole bitfield (or at least not go larger than int when the bitfield is defined as unsigned int). This would take care of all the cases we haven't spotted yet (hopefully). For all intend and purposes those two fields are bits of an unsigned int, why the heck would the compiler use a larger access size anyway ? I seem to recall that we have other places where such an assumption is made that ints are accessed atomically, and Linus stating in the past that a compiler doing anything else was not worth bothering with. I don't see why bitfields of such int would be an exception to that rule (though again, this is probably not a rule stated in the standard ... oh well). /me goes have a glass of wine and not think about this until tomorrow. Cheers, Ben. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists