Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Mar 2012 14:03:10 +0000
From: Alan Cox <alan@...rguk.ukuu.org.uk>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Djalal Harouni <tixxdz@...ndz.org>, linux-kernel@...r.kernel.org,
        kernel-hardening@...ts.openwall.com,
        Andrew Morton
 <akpm@...ux-foundation.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Alexey
 Dobriyan <adobriyan@...il.com>,
        "Eric W. Biederman"
 <ebiederm@...ssion.com>,
        Vasiliy Kulikov <segoon@...nwall.com>,
        Kees Cook
 <keescook@...omium.org>,
        Solar Designer <solar@...nwall.com>,
        WANG Cong
 <xiyou.wangcong@...il.com>,
        James Morris <james.l.morris@...cle.com>,
        Oleg
 Nesterov <oleg@...hat.com>,
        linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        Greg KH <gregkh@...uxfoundation.org>, Ingo
 Molnar <mingo@...e.hu>,
        Stephen Wilson <wilsons@...rt.ca>,
        "Jason A.
 Donenfeld" <Jason@...c4.com>
Subject: Re: [PATCH 1/9] exec: add a global execve counter

> I wonder if the number part of exec_id would even have to be 64-bit. I
> think I can do about 10000 execves per second if I make the program a
> small static one - and that's on a fast CPU. And it's a per-thread
> counter, so you can't scale it with lots of CPU's. So it would take
> something like four days to wrap. Hmm..

I don't think an exec id trick works that well here. It needs to bind to
the actual *object* being used and refcount it in the cases that matter,
then have a proper way of ensuring we clean up references such as a list
of objects to zap hooked to each task struct

So something like


	struct foo_node {
		struct list_node node;
		struct proc_object *ref;
	};
		
	ref = NULL;
	if (foo->ptr != NULL
		ref = kref_get(foo->ptr);

And in the task exit paths walk the node list doing a kref_put/NULL

Add a suitable lock and it ought to be able to generically do that for
anything you need to clobber.

You've still got a sort of race however, just as the proposed execid base
code.  You can pass the fd and access the proc function *as* the exec
occurs. Assuming your ref counting is valid and you use new objects after
the exec that ought to just mean you get the data for the old mm struct,
which seems fine to me. It's logically equivalent to having asked a
microsecond before the exec rather than during it.

Alan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.