From: "H. Peter Anvin" <hpa@zytor.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mathias Krause <minipli@googlemail.com>,
security@kernel.org, "Luck, Tony" <tony.luck@intel.com>,
James Morris <jmorris@namei.org>,
Mike Waychison <mikew@google.com>,
Michael Davidson <md@google.com>,
linux-mm@kvack.org, Ingo Molnar <mingo@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Roland McGrath <roland@redhat.com>
Subject: Re: [Security] DoS on x86_64
Date: Thu, 28 Jan 2010 15:14:50 -0800
Message-ID: <4B621A6A.6070507@zytor.com>
In-Reply-To: <alpine.LFD.2.00.1001281449220.3846@localhost.localdomain>

On 01/28/2010 03:06 PM, Linus Torvalds wrote:
>
>
> On Thu, 28 Jan 2010, Linus Torvalds wrote:
>>
>> I have _not_ tested any of this, and maybe there is some crazy reason why
>> this won't work, but I'm not seeing it.
>
> Grr. We also do "arch_pick_mmap_layout()" in "flush_old_exec()".
>
> That whole function is mis-named. It doesn't actually flush the old exec,
> it also creates the new one.
>
> However, we then re-do it afterwards in fs/binfmt_elf.c, so again, that
> doesn't really matter.
>
> What _does_ matter, however, is the crazy stuff we do in flush_thread()
> wrt TIF_ABI_PENDING. That's just crazy.
>
> So no, the trivial patch won't work.
>
> How about splitting up "flush_old_exec()" into two pieces? We'd have a
> "flush_old_exec()" and a "setup_new_exec()" piece, and all existing
> callers of flush_old_exec() would just be changed to call both?
>

Ah yes. This really is a lot better than the track which I originally
was thinking about, which was something like adding a callout from
flush_old_exec().

I will try this... plus remove the TIF_ABI_PENDING stuff from x86, and
see how it works.

-hpa

Thread overview: 32+ messages
2010-01-28 7:34 DoS on x86_64 Mathias Krause
2010-01-28 8:18 ` [Security] " Andrew Morton
2010-01-28 15:41 ` H. Peter Anvin
2010-01-28 22:33 ` Linus Torvalds
2010-01-28 22:47 ` Mathias Krause
2010-01-28 22:47 ` H. Peter Anvin
2010-01-28 23:09 ` Linus Torvalds
2010-01-28 23:27 ` H. Peter Anvin
2010-01-28 23:46 ` Linus Torvalds
2010-01-29 4:43 ` Linus Torvalds
2010-01-29 4:43 ` [PATCH 1/2] Split 'flush_old_exec' into two functions Linus Torvalds
2010-01-29 4:47 ` [PATCH 2/2] x86: get rid of the insane TIF_ABI_PENDING bit Linus Torvalds
2010-01-29 5:17 ` [PATCH 1/2] Split 'flush_old_exec' into two functions H. Peter Anvin
2010-01-29 5:05 ` [Security] DoS on x86_64 H. Peter Anvin
2010-01-29 5:29 ` H. Peter Anvin
2010-01-29 5:34 ` [PATCH 1/2] Split 'flush_old_exec' into two functions H. Peter Anvin
2010-01-29 5:34 ` [PATCH 2/2] x86: get rid of the insane TIF_ABI_PENDING bit H. Peter Anvin
2010-01-29 5:36 ` [PATCH 1/2] Split 'flush_old_exec' into two functions H. Peter Anvin
2010-01-29 5:36 ` [PATCH 2/2] x86: get rid of the insane TIF_ABI_PENDING bit H. Peter Anvin
2010-01-29 5:41 ` [PATCH 1/2] Split 'flush_old_exec' into two functions H. Peter Anvin
2010-01-29 5:41 ` [PATCH 2/2] x86: get rid of the insane TIF_ABI_PENDING bit H. Peter Anvin
2010-01-29 5:44 ` H. Peter Anvin
2010-01-29 6:14 ` [PATCH 1/2] Split 'flush_old_exec' into two functions H. Peter Anvin
2010-01-29 6:14 ` [PATCH 2/2] x86: get rid of the insane TIF_ABI_PENDING bit H. Peter Anvin
2010-01-28 23:06 ` [Security] DoS on x86_64 Linus Torvalds
2010-01-28 23:14 ` H. Peter Anvin [this message]
2010-01-28 21:31 ` Mathias Krause
2010-01-28 17:10 ` Linus Torvalds
2010-01-28 21:49 ` Mathias Krause
2010-01-28 21:58 ` Linus Torvalds
2010-01-28 22:08 ` Mathias Krause
2010-01-28 22:18 ` Linus Torvalds