Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||
|
| |||||||||||
Stable kernel 2.6.25.11Stable kernel 2.6.25.11Posted Jul 14, 2008 10:24 UTC (Mon) by PaXTeam (subscriber, #24616)In reply to: Stable kernel 2.6.25.11 by leonov Parent article: Stable kernel 2.6.25.11
you might want to be careful with pagemap: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-... . incidentally, that commit fixes security bugs without a corresponding stable commit, not to mention CVE. business as usual, i guess.
(Log in to post comments)
Stable kernel 2.6.25.11 Posted Jul 14, 2008 10:49 UTC (Mon) by nix (subscriber, #2304) [Link] What part of 'say it on the linux-kernel mailing list, not a random website' are you having such difficulty grasping?
Stable kernel 2.6.25.11 Posted Jul 14, 2008 11:46 UTC (Mon) by PaXTeam (subscriber, #24616) [Link] which part of 'Please try to be polite, respectful, and informative, and to provide a useful subject line.' are you having such difficulty grasping? ;) on a more serious note, did you mean http://marc.info/?l=linux-kernel&m=121537589606125 and the non-existent answers to my questions?
Stable kernel 2.6.25.11 Posted Jul 14, 2008 11:51 UTC (Mon) by nix (subscriber, #2304) [Link] Well, Greg or someone on the stable team will have to answer that, but the stable team's job as I've always understood it is to aggregate changes that other people send them that might have stability impact and release them, *not* to engage in analyses of those changes. If the original committer doesn't say that something has security impact, there's no guarantee that anything will in the stable tree either. It's not as if they're getting paid for doing this (and I'd appreciate it if you didn't annoy them so much that they stopped doing it: having no stable tree at all would be much worse than having one without CVE info). Maybe this is not ideal but, as far as I know, it's the way things are. (If I'm talking rubbish, someone who knows will doubtless comment.)
Stable kernel 2.6.25.11 Posted Jul 14, 2008 12:16 UTC (Mon) by PaXTeam (subscriber, #24616) [Link]
> *not* to engage in analyses of those changes
FYI, Documentation/stable_kernel_rules.txt says among others:
- Security patches will be accepted into the -stable tree directly from the
security kernel team, and not go through the normal review cycle.
Contact the kernel security team for more details on this procedure.
i.e., the stable guys don't need to "engage in analyses".
> If the original committer doesn't say that something has security
> impact, there's no guarantee that anything will in the stable tree
> either.
and what if he says so? did you even bother reading the commit i pointed out? it has the
following trigger words (that's already a surprise considering how they're suppressed
normally, just look at this .25.11 stable release commit itself): 'oops', 'integer
wraparound', 'when you don't have permissions'. the question you should be asking is why this
commit wasn't forwarded to the stable people for inclusion.
> It's not as if they're getting paid for doing this
they are. every one of them is employed by Novell/Red Hat/etc and gets paid to do Linux work,
including stable work. the hobby (free time) linux hacker myth has been dead for over a
decade.
> and I'd appreciate it if you didn't annoy them so much that they stopped
> doing it:
that's not how things work in real life.
> having no stable tree at all would be much worse than having one without
> CVE info
and what about having a stable tree without, err, actual stable fixes? you know, like the one
i pointed out.
Stable kernel 2.6.25.11 Posted Jul 14, 2008 12:46 UTC (Mon) by nix (subscriber, #2304) [Link] >> having no stable tree at all would be much worse than having one >> without CVE info > and what about having a stable tree without, err, actual stable fixes? > you know, like the one i pointed out. If the change wasn't forwarded to stable@, it won't get considered unless the stable@ guys happen to spot it by chance.
Stable kernel 2.6.25.11 Posted Jul 14, 2008 14:47 UTC (Mon) by jebba (subscriber, #4439) [Link] Perhaps his audience isn't LKML but other linux users. This isn't just some "random" website. I personally am very appreciative of all the comments the paxteam has been making here because I know I'll never be able to keep up with LKML. Keep it up! -Jeff
Stable kernel 2.6.25.11 Posted Jul 14, 2008 15:18 UTC (Mon) by nix (subscriber, #2304) [Link] If his audience isn't LKML then why's he making criticisms that only (a very few) LKML-active people can possibly address? (And making them in a desperately unpleasant and confrontational tone of writing, no less.)
Stable kernel 2.6.25.11 Posted Jul 14, 2008 15:31 UTC (Mon) by zooko (subscriber, #2589) [Link] I personally am glad to read those comments from PaXTeam, because I don't read LKML, and I'm very interested in what security flaws are present in recent versions of Linux, and I'm also very interested in how the Linux development process works. (Corbet's frequent articles on Linux development process are always interesting, too.)
Stable kernel 2.6.25.11 Posted Jul 14, 2008 16:02 UTC (Mon) by nix (subscriber, #2304) [Link] Yeah. I'd agree that the actual finding and publicising of the holes is a definite service. It's just the tone: from the moment of first posting it's been one of accusation and backbiting. I get the distinct impression that the holes are meant to matter less than the one-upmanship, which *has* to be wrong...
Stable kernel 2.6.25.11 Posted Jul 14, 2008 17:47 UTC (Mon) by rsidd (subscriber, #2582) [Link] PaXTeam has a valid point that is not being addressed despite his repeating himself many times: why don't kernel update messages mention security issues where they clearly exist? In this case, why "STRONGLY" urge users to upgrade if there's no security issue, and if there is a security issue (which clearly there is), why not say so? In previous cases even the strong upgrade message was missing. Was PaXTeam unpleasant in tone in his first posting? Which was it? Rather than criticise his tone one should ask why there is no response from the kernel team.
Stable kernel 2.6.25.11 Posted Jul 15, 2008 13:06 UTC (Tue) by nix (subscriber, #2304) [Link] ... and now Linus says in http://www.ussg.iu.edu/hypermail/linux/kernel/0807.1/2990... that this has *already been discussed*, so PAXTeam/pageexec is seemingly harping on a dead horse. (As I expected, Linus brusquely dismisses all this pointless rabbiting about the iniquity of disobeying formal policies. Finding the holes: good. Making noise because they're not marked up properly: don't bother.)
Stable kernel 2.6.25.11 Posted Jul 15, 2008 14:21 UTC (Tue) by jebba (subscriber, #4439) [Link] Linus may not care from his perspective, which is fine, but that doesn't mean us mere users don't want to know WTF is going on. We'll just have to find out via lwn comments. ;)
Stable kernel 2.6.25.11 Posted Jul 15, 2008 15:34 UTC (Tue) by spender (guest, #23067) [Link] Please provide links to this discussion from weeks ago. Don't reply until you find them. -Brad
Stable kernel 2.6.25.11 Posted Jul 15, 2008 16:07 UTC (Tue) by nix (subscriber, #2304) [Link]
I was willing to trust Linus on that. (For all I know it was a personal email, and I don't
have access to Linus's inbox, thank god.)
('Don't reply'? I don't see what grounds you have to instruct me like that. Sheesh.)
Stable kernel 2.6.25.11 Posted Jul 15, 2008 17:06 UTC (Tue) by spender (guest, #23067) [Link] So what dead horse is being beaten if you can't provide me with links to this discussion Linus is referring to? -Brad
Stable kernel 2.6.25.11 Posted Jul 15, 2008 19:08 UTC (Tue) by nix (subscriber, #2304) [Link] The dead horse is arguing about this at all when Linus has said that he doesn't care and gregkh has pointed out (in <http://www.uwsg.iu.edu/hypermail/linux/kernel/0807.1/2645...>) that commit messages don't get changed for stable unless the patch itself changes. Given the `don't change commit messages unless necessary' process of the stable team (likely to stay that way unless gregkh et al acquire several clones or the day becomes 48 hours long), the two of you are in effect insisting that Linus and everyone else who pulls patches from anyone else not accept those changes until they've reviewed every one for security impact, acquired CVEs if necessary and only then allowed them on. (Nothing else would suffice to get every commit message appropriately marked up before it makes its way into -stable and/or the next major kernel release.) And that *really* isn't likely to happen as long as pretty much everyone involved in the process who's said anything at all has said 'no way', and if it did happen it would devastate kernel development speed. Even OpenSSH isn't maintained *that* rigorously, and OpenSSH is a couple of orders of magnitude smaller. (I suspect that anyone who doesn't say 'no way' to a suggestion like that is more interested in security reviewing than coding anyway, and so probably isn't committing anything much other than security fixes. There certainly aren't enough of those people, but expecting *everyone* to act like that is impractical.) (I fully expect more groundless 'straw man' accusations now because I dared to determine what your demands would logically imply.)
Stable kernel 2.6.25.11 Posted Jul 15, 2008 21:46 UTC (Tue) by spender (guest, #23067) [Link] Yes, nix, you've really explored the depths of the logical implications of what we're trying to get accomplished. I don't want to blow your mind or anything, but I'll try in a paragraph or so to catch you up to speed with what's been going on with "computers" in the past couple decades or so. See, some time ago, somebody thought it would be a good idea to create something called a "text editor." An ingenious invention at the time, certainly, and you'd be surprised to know that they're still in use today! In fact, these "text editors" have made their way into other common applications, like those used to read electronic mail (what we nowadays call e-mail). If you're unfamiliar with these "text editor" contraptions, they allow you to edit text, copy and paste text, and other such advanced procedures. An interesting fact is that these "text editors" can indeed be used to *compose* electronic mail messages. For example, maybe a person would be writing an email which contains the changelogs for a particular version of the Linux kernel. With these newfangled "text editors" one can modify these changelogs quite easily to add any additional information they choose to include! I know back in the day this may have been a long and laborious process, what with all those punch cards and driving to the residence of the recipient to deliver them, but surprisingly this task now takes much less time! There are reasons certain fixes get included in the -stable tree. They are aware of these reasons, and the only thing preventing them from informing others of these reasons is their own will to do so. We're asking them to simply be honest about what was fixed. When they know it's a possibly exploitable overflow, they should just say so. Now, should all these vendors profiting off Linux and its appearance of security (which given Linus' recent statements, I think the public should be strongly reconsidering) actually maybe form a group of actual security professionals to handle this kind of stuff, instead of continuing to say "hey don't be so harsh, we're just really awful at this sort of thing...but Linux is still enterprise-grade!"? Sure, it would be nice, but one problem at a time. Just as an obvious example to show how incredibly stupid your explanation of "logical implications", the fact that the PaX team has been pointing out suspicious and exploitable vulnerabilities in each of the past half-dozen -stable releases hasn't seemed to impact the speed of kernel development one iota, let alone "devastate" it. As evidenced by several comments on this posting already, people appreciate having this information available. I think that view will become even more common once people read what Linus is saying (that he doesn't think people should be informed of security issues and that the vendors, the only people doing such informing, are doing a "crappy" job of it and only disclosing a small percentage of vulnerabilities) and realize what Linux kernel security in particular is passing for these days. -Brad
security holes in Linux Posted Jul 15, 2008 22:26 UTC (Tue) by zooko (subscriber, #2589) [Link] I hate to see angry messages on LWN.net (although I have to admit that, even while angry, the current posters are making more useful points than I see on most other web fora). I like the note at the top of the LWN.net comment editor page: "Please try to be polite, respectful, and informative". Let me point out that this isn't so much an issue of Good vs. Evil as much as a question of different people having different needs. The Linux kernel does a fine job of evolving quickly, supporting lots of hardware, improving the common cases of performance issues, and so forth. There are plenty of people whose security needs can be aptly summed up as "Whatever my distribution and the Linux core team think is best is probably good enough.". Those people have no need for more specific information about vulnerabilities, and would not be able to use that information if they had it. Perhaps they are using Linux exclusively on non-networked, single-user jobs, for example. It's not that those people *ought* to value specific security vulnerability disclosures more than they do -- it's just that they personally have no need of such disclosures. On the other hand there are people who do need more specific information. They may be responsible for networked, multi-user Linux installations with great value at stake, for example. They may need, and know how to use, vulnerability disclosures in precise detail as to the window of vulnerability and how to fix or workaround each issue. As far as I currently understand it, those people are not being served. Now again, this isn't a matter of Good vs. Evil. Linus, and GregKH, and the rest of the Linux folks have no moral obligation to provide what those folks need. If Linus and company care to start providing it, that would be fine. If not, then perhaps someone else (such as PaXTeam and his partners) would provide that information about Linux, or perhaps those users would be better off if they switched from Linux to Solaris or OpenBSD or something. But again, for the third time, those users switching from Linux to Solaris or OpenBSD or something would not be an Evil. The world would not become a worse place. Indeed, if the maintainers of those other operating systems were better prepared to provide the kind of service that those users need, then the world would be a better place. For what it is worth I have worked in computer security for a long time, and for years I tended to assume that my peers who insisted on running only OpenBSD or FreeBSD and refused to rely on Linux for security were just being show-offs. Nowadays I'm beginning to think that they had justification for their choice. Regards, Zooko P.S. Just to make sure everyone got the point, if it is true, as I just alleged, that many open-source-loving computer security professionals refuse to trust Linux's security, then this is not Evil. It's no big deal. They get along fine in their jobs and you get along fine in yours, so when replying to this note, please try to be polite, respectful, and informative.
security holes in Linux Posted Jul 15, 2008 22:53 UTC (Tue) by spender (guest, #23067) [Link] I understand the point you're making, and it actually illustrates part of the problem here. In order to make those kinds of informed decisions about which OS to use, for example, the people providing the options have to be honest about what they're actually providing. In the case we have now with the Linux kernel, on paper they're saying they provide full disclosure of security bugs, and sometimes we do see CVE and other security-related information in changelogs (http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6... just taken as a random example) but now we find out that in reality, non-disclosure seems to be their general policy (except for the small percentage of vulnerabilities Linus says the vendors report on). As evidenced by some of the comments in denial on previous postings, I think some are probably surprised now at how things really are. So as the PaX Team is asking on LKML, there are two solutions to the problem. Either of them will help people make better decisions regarding security: revise their written policy of full-disclosure to reflect their real policy of non-disclosure, or change their real policy to reflect what has been their written policy since 2005. -Brad
security holes in Linux Posted Jul 15, 2008 23:26 UTC (Tue) by nix (subscriber, #2304) [Link] I note the absence of anything in Documentation/SecurityBugs binding the Linux kernel hackers to *anything*. All it describes is the way that bugs sent to the *kernel security team* are managed. I see nothing that says that security bugs described anywhere *else* need to be handled in any particular way, or that anyone else involved with the kernel needs to pay the document any attention at all. (Perhaps the file needs to say more clearly that this is not a security policy for the kernel, just a place to which people can report security bugs if they'd rather not get the standard Linus kill-it-now approach.) I think this has all been a giant misreading from the start.
Stable kernel 2.6.25.11 Posted Jul 15, 2008 23:15 UTC (Tue) by adobriyan (guest, #30858) [Link] [lame sarcastic stuff] > There are reasons certain fixes get included in the -stable tree. They > are aware of these reasons, and the only thing preventing them from > informing others of these reasons is their own will to do so. We're > asking them to simply be honest about what was fixed. When they know > it's a possibly exploitable overflow, they should just say so. Now, > should all these vendors profiting off Linux and its appearance of > security (which given Linus' recent statements, I think the public > should be strongly reconsidering) actually maybe form a group of actual > security professionals to handle this kind of stuff, instead of > continuing to say "hey don't be so harsh, we're just really awful at > this sort of thing...but Linux is still enterprise-grade!"? Here is an exercise. Get 2.6.25 => 2.6.26 changelogs and patches. Write down bugs (just bugs) which make sense to apply to 2.6.25. To apply in logical sense, not in patch(1) sense. Scratch those which are already in -stable. Now extract those which are security-relevant. Do the same for, say, OpenBSD 4.2 => 4.3. Do the same for Windows (OK, this is a joke). Enlightment will come pretty quickly. > Just as an obvious example to show how incredibly stupid your > explanation of "logical implications", the fact that the PaX team has > been pointing out suspicious and exploitable vulnerabilities in each of > the past half-dozen -stable releases > hasn't seemed to impact the speed > of kernel development one iota, let alone "devastate" it. As evidenced > by several comments on this posting already, people appreciate having > this information available. This is something I can't personally understand. Do those people need word "security" or "buffer overflow" in changelog and announcement to start kernel upgrade machinery? Given how many commits don't even reach -stable for PaX guy to whine, they live in some rosy universe. Not even mentioning occasional incomplete and flatly wrong information in CVE database. > I think that view will become even more > common once people read what Linus is saying (that he doesn't think > people should be informed of security issues and that the vendors, the > only people doing such informing, are doing a "crappy" job of it and > only disclosing a small percentage of vulnerabilities) and realize what > Linux kernel security in particular is passing for these days. grsecurity will save us, no worries about that.
Stable kernel 2.6.25.11 Posted Jul 16, 2008 0:05 UTC (Wed) by spender (guest, #23067) [Link] Is any distribution shipping 2.6.25.11? When a new stable kernel is released, do they push out binaries for that new kernel, for all .x.y releases? You know the answer to this, so I think it's you who is living in a "rosy universe" and pretends that Linux users are using the vanilla "stable" kernel and upgrading to each new one for the week. And yes, people do need those words. They're the same words everyone else uses and expects to be used. Do you think Microsoft could get away with the ridiculous idea that security bugs are just bugs? I guess in your "rosy universe" if on Patch Tuesday, a list of 10 patches was presented to a user with descriptions like "fixed bug" they'd terminate any critical processes running and upgrade their hundreds of machines immediately. -Brad
Stable kernel 2.6.25.11 Posted Jul 16, 2008 0:38 UTC (Wed) by adobriyan (guest, #30858) [Link] > I guess in your "rosy universe" if on Patch Tuesday, a list of 10 patches > was presented to a user with descriptions like "fixed bug" they'd terminate > any critical processes running and upgrade their hundreds of machines > immediately. Kindly keep your guesses inside yourself.
Stable kernel 2.6.25.11 Posted Jul 15, 2008 23:16 UTC (Tue) by nix (subscriber, #2304) [Link] Nice snark. Still, it was unnecessary: oddly, I do know what text editors are. However, the fact remains that editing the patch commit logs isn't done unless necessary, and the stable tree maintainers don't think that researching possible security implications, getting CVE info and so on is a good use of their time. In the absence of their doing this, the only way to enforce 'CVE info on everything' as you seem to want is the development-speed-devastating scheme I outlined two messages up. Of *course* this crazy scheme hasn't been adopted or even proposed, but that is the only way to do what you suggest as long as the stable team's job remains cherry-picking and applying patches that others write, rather than actually modifying the commit logs, and the stable team have said that this is what they consider their purpose to be.
Stable kernel 2.6.25.11 Posted Jul 14, 2008 16:11 UTC (Mon) by bfields (subscriber, #19510) [Link] you might want to be careful with pagemap: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-... . incidentally, that commit fixes security bugs without a corresponding stable commit, not to mention CVE. You could try replying to the original thread (or starting a new thread if it didn't go over lkml originally), and adding a cc: to stable@kernel.org. That's probably all it would take to get it into stable, if it meets their criteria. I don't know how you go about getting CVE's. Other possible ways you could help:
Stable kernel 2.6.25.11 Posted Jul 14, 2008 20:06 UTC (Mon) by adobriyan (guest, #30858) [Link] > you might want to be careful with pagemap: > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-... . > incidentally, that commit fixes security bugs without a corresponding > stable commit, not to mention CVE. You've missed similar commit re /proc/*/clear_refs . Regardless, RTFS before making such statements. 2.6.25 is not affected not to NULL ->mm bug (security-irrelevant), not to static walker bug (contains only pointers to hooks, data passed explicitly to pagetable walkers), read(, , 0) is also fine, wraparound in multiplication in kmalloc doesn't work too. The only bug 2.6.25 has, which 2.6.26 doesn't have is read(, , 0) returning 8. Actually, this was fixed accidently. proc/*/clear_refs fixlet is unneeded in 2.6.25 also, again, walker structure contains only hooks. > business as usual, i guess. How old are you?
Stable kernel 2.6.25.11 Posted Jul 15, 2008 2:00 UTC (Tue) by PaXTeam (subscriber, #24616) [Link] > You've missed similar commit re /proc/*/clear_refs . i didn't, i was reflecting on pagemap, not clear_refs. > Regardless, RTFS before making such statements. which one? i see you aren't disputing that the commit fixed security bugs for .26, you're only complaining about its applicability to .25. clearly, features not used on .25 are irrelevant, however the kmalloc(0) case is an interesting one as it ends up down a similar path to what the vmsplice exploit abused, save for the hardening of get_user_pages that was introduced due to the same. were cliph to withhold that bug for a little longer, you would be essentially arguing for not fixing an exploitable bug - not the right mindset i'm afraid. and let's not get started on the sillyness of using a userland address for ZERO_SIZE_PTR. another problem you haven't caught is that while get_user_pages brings in the userland buffer and even makes it writable, as soon as the mmap semaphore is dropped, the whole thing can disappear (munmap) or become read-only again (fork/mprotect) and thus whatever the whole exercise was supposed to prevent (sleeping on put_user? copy-on-write?) is still possible. > How old are you? judging from your post, probably at least 2-3 times your age. ;)
Stable kernel 2.6.25.11 Posted Jul 15, 2008 11:30 UTC (Tue) by adobriyan (guest, #30858) [Link] > > Regardless, RTFS before making such statements. > > which one? 2.6.25 obviously. > i see you aren't disputing that the commit fixed security bugs for .26, Correct, but irrelevant. Bugs were added in 2.6.26-rc7. kmalloc(0) is harmless. Multiplication overflow on 64-bit can't happen (honestly, I'm not sure about 32-bit, haven't checked personally). Just, stating something, state full picture. > you're only complaining about its applicability to .25. Oh, wow! It's you who is complaining here, dammit! > clearly, features not used on .25 are irrelevant, PROC_PAGE_MONITOR is enabled in 2.6.25, so it's relevant. What feature is irrelevant but relevant to thread? > however the kmalloc(0) case is an interesting one as it ends up down a > similar path to what the vmsplice exploit abused, save for the hardening > of get_user_pages that was introduced due to the same. were cliph to > withhold that bug for a little longer, you would be essentially arguing > for not fixing an exploitable bug - not the right mindset i'm afraid. Blame developers for bugs which could have happened. This is a solution! > and let's not get started on the sillyness of using a userland address > for ZERO_SIZE_PTR. Given that a) kmalloc() will return ZERO_SIZE_PTR, b) get_user_pages() will immediately return 0, let's not. > another problem you haven't caught When you've noticed this? Right after pagemap was added? After pagemap was shipped in 2.6.25? After you've noticed pagemap fixes? After you realized that some from all those pagemap fixes do not apply to 2.6.25 (crap!)? > is that while get_user_pages brings in the userland buffer and even > makes it writable, as soon as the mmap semaphore is dropped, the whole > thing can disappear (munmap) or become read-only again (fork/mprotect) > and thus whatever the whole exercise was supposed to prevent (sleeping > on put_user? Don't know what exact aspect of "sleeping on put_user" you mean. > copy-on-write?) is still possible. But, but, RTFS again. Notice put_page() calls in pagemap_read(). Why they're there? Probably, because get_user_pages() pins pages, so they won't dissapear from under you. Regarding mprotect(): user will clear PROT_WRITE, and kernel will put_user() to it. You know what will happen. Amazing hole. > > > business as usual, i guess. > > > > How old are you? > > judging from your post, probably at least 2-3 times your age. ;) Yes, yes, but... How old are you?
Stable kernel 2.6.25.11 Posted Jul 18, 2008 12:05 UTC (Fri) by PaXTeam (subscriber, #24616) [Link] Sorry Alexey to have you waited but as you probably saw, i was quite busy elsewhere ;). with that said, having seen your knowledge/idiocy ratio (no need to go further than say http://thread.gmane.org/gmane.linux.kernel/706524/focus=7...), i'll cut this answer short and just point out a few obvious things in the hope you'll think more next time before posting. > kmalloc(0) is harmless. it's not in general. it returns a non-NULL ptr so !ptr checks will not catch it and that can later result in their dereference of userland memory. in other words, it's a design error, this call should return something that's guaranteeed to fault on dereference. the kernel even has a special range for exactly this purpose: the negative error codes. > Multiplication overflow on 64-bit can't happen 2fc: 4d 29 fc sub %r15,%r12 2ff: 49 c1 ec 0c shr $0xc,%r12 303: 49 63 fc movslq %r12d,%rdi 306: 45 89 e5 mov %r12d,%r13d 309: 48 c1 e7 03 shl $0x3,%rdi 30d: e8 00 00 00 00 callq 312 <pagemap_read+0xc4> 30e: R_X86_64_PC32 __kmalloc+0xfffffffffffffffc do you know what movslq does? (extra quiz question: do you know why it's there at all?) do you understand what the following shl will do to the result? > Don't know what exact aspect of "sleeping on put_user" you mean. that other threads can schedule during that sleep and do all kinds of changes to the virtual address space (and consequently, the underlying physical pages as well) that this code may not have expected to happen. i don't know if that's the case, i was asking the question myself, but considering that someone went to lengths to call get_user_pages in this code, there must be a reason for it. > Notice put_page() calls in pagemap_read(). Why they're there? Probably, > because get_user_pages() pins pages, so they won't dissapear from under > you. it pins physical pages, it doesn't pin virtual memory mappings in place (that's what the mmap semaphore is for). so while the pinned pages may very well stay in RAM, the put_user may not access them at all if copy-on-write or munmap/mmap brought in a different set of physical (and quite possibly, not pinned) pages. whether that's a problem or not, i can't tell (read: i'm not going to spend any more time on this), hence the question. > Regarding mprotect(): user will clear PROT_WRITE, and kernel will > put_user() to it. You know what will happen. Amazing hole. if copy-on-write moves your carefully pinned page away and replaces it with a non-pinned one, an assumption this code relies (or may rely, we don't know as of now) on is broken. what consequences that has, i don't know, hence my question.
|
|||||||||||