linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Matthew Wilcox <willy@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
	"Tobin C. Harding" <me@tobin.cc>,
	Dmitry Vyukov <dvyukov@google.com>,
	Kees Cook <keescook@chromium.org>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Linux-MM <linux-mm@kvack.org>,
	syzbot
	<bot+719398b443fd30155f92f2a888e749026c62b427@syzkaller.appspotmail.com>,
	David Windsor <dave@nullcore.net>,
	keun-o.park@darkmatter.ae, Laura Abbott <labbott@redhat.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Ingo Molnar <mingo@kernel.org>,
	syzkaller-bugs@googlegroups.com,
	Will Deacon <will.deacon@arm.com>
Subject: Re: BUG: bad usercopy in memdup_user
Date: Tue, 19 Dec 2017 20:36:34 -0800	[thread overview]
Message-ID: <CA+55aFypUZ0AwgzNoJy2xSG0m1vppMMC=mvGtUTAWVm_soZh_Q@mail.gmail.com> (raw)
In-Reply-To: <CA+55aFw++4iFkodaEXSPpdvcSTvsggnJWpg-wVyFW54ay_ts8g@mail.gmail.com>

On Tue, Dec 19, 2017 at 8:05 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> And yes, we had a few cases where the hashing actually did hide the
> values, and I've been applying patches to turn those from %p to %px.

So far at least:

  10a7e9d84915 Do not hash userspace addresses in fault handlers
  85c3e4a5a185 mm/slab.c: do not hash pointers when debugging slab
  d81041820873 powerpc/xmon: Don't print hashed pointers in xmon
  328b4ed93b69 x86: don't hash faulting address in oops printout
  b7ad7ef742a9 remove task and stack pointer printout from oops dump
  6424f6bb4327 kasan: use %px to print addresses instead of %p

although that next-to-last case is a "remove %p" case rather than
"convert to %px".

And we'll probably hit a few more, I'm not at all claiming that we're
somehow "done". There's bound to be other cases people haven't noticed
yet (or haven't patched yet, like the usercopy case that Kees is
signed up to fix up).

But considering that we had something like 12k of those %p users, I
think a handful now (and maybe a few tens eventually) is worth the
pain and confusion.

I just want to make sure that the ones we _do_ convert we actually
spend the mental effort really looking at, and really asking "does it
make sense to convert this?"

Not just knee-jerking "oh, it's hashed, let's just unhash it".

               Linus

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

  reply	other threads:[~2017-12-20  4:36 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-18 13:40 syzbot
2017-12-18 14:22 ` Tetsuo Handa
2017-12-19  0:57   ` Kees Cook
2017-12-19  8:12     ` Dmitry Vyukov
2017-12-19  8:37       ` Tobin C. Harding
2017-12-19  8:41         ` Dmitry Vyukov
2017-12-19  9:04           ` Tobin C. Harding
2017-12-19  9:07             ` Dmitry Vyukov
2017-12-19 13:22         ` Matthew Wilcox
2017-12-19 13:41           ` Dmitry Vyukov
2017-12-19 14:08             ` Tetsuo Handa
2017-12-19 14:12               ` Dmitry Vyukov
2017-12-19 20:45                 ` Tobin C. Harding
2017-12-19 20:33           ` Tobin C. Harding
2017-12-19 21:36           ` Linus Torvalds
2017-12-19 21:48             ` Al Viro
2017-12-19 22:09               ` Randy Dunlap
2017-12-19 23:24               ` Linus Torvalds
2017-12-20  3:50               ` Matthew Wilcox
2017-12-20  4:05                 ` Linus Torvalds
2017-12-20  4:36                   ` Linus Torvalds [this message]
2017-12-20  9:44               ` David Laight
2017-12-31  8:11                 ` Dmitry Vyukov
2017-12-19 21:54             ` Kees Cook
2017-12-19 22:16             ` Matthew Wilcox
2017-12-19 22:24             ` Laura Abbott

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CA+55aFypUZ0AwgzNoJy2xSG0m1vppMMC=mvGtUTAWVm_soZh_Q@mail.gmail.com' \
    --to=torvalds@linux-foundation.org \
    --cc=bot+719398b443fd30155f92f2a888e749026c62b427@syzkaller.appspotmail.com \
    --cc=dave@nullcore.net \
    --cc=dvyukov@google.com \
    --cc=keescook@chromium.org \
    --cc=keun-o.park@darkmatter.ae \
    --cc=labbott@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mark.rutland@arm.com \
    --cc=me@tobin.cc \
    --cc=mingo@kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=will.deacon@arm.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox