Re: [PATCH 1/2] x86, pkeys: check against max pkey to avoid overflows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 23, 2017 at 02:26:03PM -0800, Dave Hansen wrote:
> 
> From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> 
> Kirill got a warning from UBSAN about undefined behavior when using
> protection keys.  He is running on hardware that actually has support
> for it, which is not widely available.
> 
> The warning was because we did some very large shifts of integers when
> doing a pkey_free() of a large, invalid value because we never check
> that the pkey "fits" into the mm_pkey_allocation_map().
> 
> I do not believe there is any danger here of anything bad happening
> other than some aliasing issues where somebody could do:
> 
> 	pkey_free(35);
> 
> and the kernel would effectively execute:
> 
> 	pkey_free(8);
> 
> While this might be confusing to an app that was doing something
> stupid, it has to do something stupid and the effects are limited to
> the app shooting itself in the foot.
> 
> Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>

Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

-- 
 Kirill A. Shutemov



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]