Message-ID: <0874a50b61cfaf7c817cab7344c49c1641c1fd10.camel@HansenPartnership.com>
Subject: Re: [PATCH] mm/secretmem: use refcount_t instead of atomic_t
From: James Bottomley
To: Jordy Zomer, linux-kernel@vger.kernel.org
Cc: Kees Cook, Andrew Morton, linux-mm@kvack.org, Mike Rapoport
Date: Fri, 20 Aug 2021 07:57:25 -0700
In-Reply-To: <20210820043339.2151352-1-jordy@pwning.systems>

On Fri, 2021-08-20 at 06:33 +0200, Jordy Zomer wrote:
> As you can see there's an `atomic_inc` for each `memfd` that is
> opened in the `memfd_secret` syscall. If a local attacker succeeds to
> open 2^32 memfd's, the counter will wrap around to 0. This implies
> that you may hibernate again, even though there are still regions of
> this secret memory, thereby bypassing the security check.

This isn't a possible attack, is it? secret memory is per process and
each process usually has an open fd limit of 1024. That's not to say
we shouldn't have overflow protection just in case, but I think today
we don't have a problem.

James
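
Added example, not part of the original message or of the kernel source: a constructed user-space C model of the counter behaviour discussed in this thread. It contrasts a wrapping 32-bit counter with a saturating one (a simplification in the spirit of refcount_t, not its implementation); all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model; names are hypothetical, this is not kernel code. */
#define SATURATED UINT32_MAX

/* atomic_t-like: a plain 32-bit counter whose increments wrap modulo 2^32. */
static uint32_t wrap_add(uint32_t v, uint64_t n) { return v + (uint32_t)n; }

/* Saturating counter: pinned at SATURATED once an add would overflow. */
static uint32_t sat_add(uint32_t v, uint64_t n)
{
    if (v == SATURATED || n >= (uint64_t)(SATURATED - v))
        return SATURATED;
    return v + (uint32_t)n;
}

/* A pinned counter ignores decrements, so it can never drift back to zero. */
static uint32_t sat_sub(uint32_t v, uint64_t n)
{
    if (v == SATURATED)
        return SATURATED;
    return n >= v ? 0 : v - (uint32_t)n;
}

/* The check from the quoted text: hibernate only if the user count is zero. */
static bool hibernation_allowed(uint32_t users) { return users == 0; }

bool wrapping_allows_hibernation(uint64_t opens)
{
    return hibernation_allowed(wrap_add(0, opens));
}

bool saturating_allows_hibernation(uint64_t opens, uint64_t closes)
{
    return hibernation_allowed(sat_sub(sat_add(0, opens), closes));
}

int main(void)
{
    uint64_t many = 1ULL << 32; /* the 2^32 opens from the quoted text */
    printf("wrapping,   1024 opens: %d\n", wrapping_allows_hibernation(1024));
    printf("wrapping,   2^32 opens: %d\n", wrapping_allows_hibernation(many));
    printf("saturating, 2^32 opens: %d\n", saturating_allows_hibernation(many, 0));
    printf("saturating, all closed: %d\n", saturating_allows_hibernation(many, many));
    return 0;
}
```

In this model saturation fails closed: once the counter is pinned, the check keeps refusing even after every user has gone away.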