Date: Fri, 24 Feb 2017 03:07:21 +0300
From: "Kirill A. Shutemov"
To: Dave Hansen
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, kirill.shutemov@linux.intel.com, shuah@kernel.org, linux-kselftest@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 1/2] x86, pkeys: check against max pkey to avoid overflows
Message-ID: <20170224000721.GA26920@node.shutemov.name>
In-Reply-To: <20170223222603.A022ED65@viggo.jf.intel.com>

On Thu, Feb 23, 2017 at 02:26:03PM -0800, Dave Hansen wrote:
>
> From: Dave Hansen
>
> Kirill got a warning from UBSAN about undefined behavior when using
> protection keys. He is running on hardware that actually has support
> for it, which is not widely available.
>
> The warning was because we did some very large shifts of integers when
> doing a pkey_free() of a large, invalid value because we never check
> that the pkey "fits" into the mm_pkey_allocation_map().
>
> I do not believe there is any danger here of anything bad happening
> other than some aliasing issues where somebody could do:
>
>	pkey_free(35);
>
> and the kernel would effectively execute:
>
>	pkey_free(8);
>
> While this might be confusing to an app that was doing something
> stupid, it has to do something stupid and the effects are limited to
> the app shooting itself in the foot.
>
> Signed-off-by: Dave Hansen

Acked-by: Kirill A. Shutemov

--
 Kirill A. Shutemov
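
The aliasing described in the quoted commit message, as an added example that is not part of the original mail and is not kernel code: a userspace C model of an allocation bitmap whose free path uses the key as a shift count, with and without a range check first. The `model_*` names, `x86_shl32()`, the 16-key limit and the bitmap values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAX_PKEY 16   /* assumption: 16 keys, one bit each in the map */

/* Constructed stand-in for the per-mm allocation bitmap. */
struct model_mm { uint16_t pkey_allocation_map; };

/* Models what a 32-bit x86 shift does with an oversized count: the CPU
 * masks the count to 5 bits. In C the unmasked shift is undefined
 * behaviour (what UBSAN reports), so the mask is written out here. */
static uint32_t x86_shl32(uint32_t v, int count) { return v << (count & 31); }

/* Unchecked: the key goes straight into the shift. */
static int model_is_allocated_unchecked(const struct model_mm *mm, int pkey)
{
    return (mm->pkey_allocation_map & x86_shl32(1, pkey)) != 0;
}

/* Checked: keys that do not fit the map are rejected before any shift. */
static int model_is_allocated_checked(const struct model_mm *mm, int pkey)
{
    if (pkey < 0 || pkey >= MODEL_MAX_PKEY)
        return 0;
    return (mm->pkey_allocation_map & (1U << pkey)) != 0;
}

/* Model of the free path: 0 on success, -1 as an EINVAL stand-in. */
static int model_pkey_free(struct model_mm *mm, int pkey, int checked)
{
    int ok = checked ? model_is_allocated_checked(mm, pkey)
                     : model_is_allocated_unchecked(mm, pkey);
    if (!ok)
        return -1;
    mm->pkey_allocation_map &= (uint16_t)~x86_shl32(1, pkey);
    return 0;
}

int main(void)
{
    struct model_mm mm = { 0x0009 };        /* constructed: keys 0 and 3 allocated */
    int rc = model_pkey_free(&mm, 35, 0);   /* 35 & 31 == 3, so the mask is 0x8 */
    printf("unchecked: rc=%d map=0x%04x\n", rc, mm.pkey_allocation_map);
    mm.pkey_allocation_map = 0x0009;
    rc = model_pkey_free(&mm, 35, 1);       /* rejected, map left untouched */
    printf("checked:   rc=%d map=0x%04x\n", rc, mm.pkey_allocation_map);
    return 0;
}
```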