linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Gene Cooperman <gene@ccs.neu.edu>
To: Matt Helsley <matthltc@us.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
	Kees Cook <keescook@chromium.org>,
	spender@grsecurity.net, Peter Zijlstra <a.p.zijlstra@chello.nl>,
	linux-doc@vger.kernel.org, Jiri Kosina <jkosina@suse.cz>,
	Darren Hart <dvhart@linux.intel.com>,
	kernel-hardening@lists.openwall.com,
	linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Linux Containers <containers@lists.linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Andrew Morton <akpm@linux-foundation.org>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	Pavel Emelyanov <xemul@parallels.com>,
	Gene Cooperman <gene@ccs.neu.edu>
Subject: Re: [PATCH v2] futex: mark get_robust_list as deprecated
Date: Fri, 30 Mar 2012 18:51:48 -0400	[thread overview]
Message-ID: <20120330225148.GC26814@mspacman.ccs.neu.edu> (raw)
In-Reply-To: <20120330050544.GA32299@count0.beaverton.ibm.com>

Thanks for including us in the cc, Matt.  
We don't need the system call for DMTCP either.

Also, in our DMTCP user base, we haven't had any requests to support
checkpointing of user code with get_robust_list().  If a user had needed
this or a similar system call, I suspect our new plugin architecture
would make it easy to eupport.  But it's a non-issue now.

Thanks,
- Gene

On Thu, Mar 29, 2012 at 10:05:44PM -0700, Matt Helsley wrote:
> On Fri, Mar 23, 2012 at 03:06:02PM -0700, Eric W. Biederman wrote:
> > Kees Cook <keescook@chromium.org> writes:
> > 
> > > Notify get_robust_list users that the syscall is going away.
> > 
> > Has anyone asked the question if the folks working on checkpoint/restart
> > are going to need this.
> > 
> > This seems like important information to know if you want to checkpoint
> > a process.
> 
> I have no idea if the CRIU and DMTCP folks care about this. I've added
> some folks related to those projects to the Cc list.
> 
> > 
> > Eric
> > 
> > > Suggested-by: Thomas Gleixner <tglx@linutronix.de>
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > ---
> > > v2:
> > >  - add note to feature-removal-schedule.txt.
> > > ---
> > >  Documentation/feature-removal-schedule.txt |   10 ++++++++++
> > >  kernel/futex.c                             |    2 ++
> > >  kernel/futex_compat.c                      |    2 ++
> > >  3 files changed, 14 insertions(+), 0 deletions(-)
> > >
> > > diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
> > > index 4bfd982..e3bf119 100644
> > > --- a/Documentation/feature-removal-schedule.txt
> > > +++ b/Documentation/feature-removal-schedule.txt
> > > @@ -543,3 +543,13 @@ When:	3.5
> > >  Why:	The old kmap_atomic() with two arguments is deprecated, we only
> > >  	keep it for backward compatibility for few cycles and then drop it.
> > >  Who:	Cong Wang <amwang@redhat.com>
> > > +
> > > +----------------------------
> > > +
> > > +What:	get_robust_list syscall
> > > +When:	2013
> > > +Why:	There appear to be no production users of the get_robust_list syscall,
> > > +	and it runs the risk of leaking address locations, allowing the bypass
> > > +	of ASLR. It was only ever intended for debugging, so it should be
> > > +	removed.
> 
> So I've looked in glibc, gdb, and DMTCP. The description of the intended
> use of get_robust_list() is accurate. However the benefit of ASLR is
> less clear when it comes to the robust list. In glibc the robust list is
> only used from NPTL. The robust list head is in struct pthread which can be
> obtained from pthread_self() anyway. Thus I think ASLR doesn't really help
> obfuscate the robust futex list unless the program is using robust futexes
> without the aid of glibc.
> 
> Cheers,
> 	-Matt Helsley
> 

  parent reply	other threads:[~2012-03-30 23:39 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-19 23:12 [PATCH] futex: do not leak robust list to unprivileged process Kees Cook
2012-03-20 13:31 ` Serge Hallyn
2012-03-20 17:02   ` Thomas Gleixner
2012-03-20 17:11     ` Kees Cook
2012-03-20 17:23       ` Ingo Molnar
2012-03-22 23:46         ` Thomas Gleixner
2012-03-23 17:58           ` [PATCH] futex: mark get_robust_list as deprecated Kees Cook
2012-03-23 18:27             ` Thomas Gleixner
2012-03-23 19:08               ` Kees Cook
2012-03-23 19:08               ` [PATCH v2] " Kees Cook
2012-03-23 22:06                 ` Eric W. Biederman
2012-03-23 22:10                   ` Kees Cook
2012-03-30  5:05                   ` Matt Helsley
2012-03-30  6:14                     ` Pavel Emelyanov
2012-03-30 22:51                     ` Gene Cooperman [this message]
2012-03-27 18:05                 ` Josh Boyer
2012-03-27 19:13                   ` Peter Zijlstra
2012-03-29  9:56                 ` [tip:core/locking] futex: Mark " tip-bot for Kees Cook
2012-08-02 10:35                 ` [PATCH v2] futex: mark " richard -rw- weinberger
2012-08-02 11:11                   ` Eric W. Biederman
2012-08-03 10:17                     ` richard -rw- weinberger
2012-08-03 11:02                       ` Cyrill Gorcunov
2012-08-03 11:19                         ` richard -rw- weinberger
2012-08-03 11:27                           ` Cyrill Gorcunov
2012-08-03 11:30                             ` richard -rw- weinberger
2012-08-03 11:35                               ` Cyrill Gorcunov
2012-08-03 11:38                                 ` richard -rw- weinberger
2012-08-03 12:38                         ` Pavel Emelyanov
2012-08-03 12:58                           ` Eric W. Biederman
2012-08-03 13:00                             ` richard -rw- weinberger
2012-08-03 17:16                             ` Kees Cook
2012-03-28 18:33           ` [PATCH] futex: do not leak robust list to unprivileged process Kees Cook
2012-03-28 21:24             ` Thomas Gleixner
2012-03-29  9:55 ` [tip:core/locking] futex: Do " tip-bot for Kees Cook
2012-06-19  1:41   ` Wanlong Gao
2012-06-19  2:24     ` Serge Hallyn
2012-06-19  2:32       ` Wanlong Gao
2012-06-19  3:13         ` Serge Hallyn
2012-06-19  3:21           ` Wanlong Gao
2012-06-19 12:23             ` Serge Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120330225148.GC26814@mspacman.ccs.neu.edu \
    --to=gene@ccs.neu.edu \
    --cc=a.p.zijlstra@chello.nl \
    --cc=akpm@linux-foundation.org \
    --cc=containers@lists.linux-foundation.org \
    --cc=dhowells@redhat.com \
    --cc=dvhart@linux.intel.com \
    --cc=ebiederm@xmission.com \
    --cc=gorcunov@openvz.org \
    --cc=jkosina@suse.cz \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=matthltc@us.ibm.com \
    --cc=rdunlap@xenotime.net \
    --cc=spender@grsecurity.net \
    --cc=tglx@linutronix.de \
    --cc=xemul@parallels.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).