Re: file offset corruption on 32-bit machines? | KernelTrap

Re: file offset corruption on 32-bit machines?

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Jan Kara <jack@...>

To: Jiri Kosina <jkosina@...>

Cc: Michal Hocko <mhocko@...>, Meelis Roos <mroos@...>, Linux Kernel list <linux-kernel@...>, <linux-fsdevel@...>

Subject: Re: file offset corruption on 32-bit machines?

Date: Thursday, April 10, 2008 - 11:19 am

> On Thu, 10 Apr 2008, Jan Kara wrote:
quoted text> 
> > > The f_pos races are in fact exploitable, we've already been there. See 
> > > for example http://www.isec.pl/vulnerabilities/isec-0016-procleaks.txt
> >   Well, this race is more subtle - the window is just one instruction
> > wide (stores to f_pos from CPU2 must come between the store of lower and
> > upper 32-bits of f_pos on CPU1). And the only result is that f_pos has
> > 32-bits from one file pointer and 32-bits from the other one. So I can
> > hardly imagine this would be exploitable...
> 
> Supposing you are not holding any spinlock and are running with 
> preemptible kernel (pretty common scenario nowadays), there is nothing 
> that would prevent kernel from rescheduling between the two instructions, 
> enlarging the race window to be more comfortable for attacker, right?
  Yes, this is theoretically possible.

quoted text> I think this is worth fixing.
  Hmm, maybe it is, although I still don't see how to exploit it :).

									Honza
-- 
Jan Kara <jack@suse.cz>
SuSE CR Labs
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

file offset corruption on 32-bit machines?, Meelis Roos, (Tue Apr 8, 4:05 am)

Re: file offset corruption on 32-bit machines?, Michal Hocko, (Thu Apr 10, 9:55 am)

Re: file offset corruption on 32-bit machines?, Andi Kleen, (Thu Apr 10, 11:33 am)

Re: file offset corruption on 32-bit machines?, Martin Mares, (Thu Apr 10, 10:11 am)

Re: file offset corruption on 32-bit machines?, Jamie Lokier, (Thu Apr 10, 11:14 am)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Thu Apr 10, 11:28 am)

Re: file offset corruption on 32-bit machines?, Matthew Wilcox, (Thu Apr 10, 11:21 am)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Thu Apr 10, 11:12 am)

Re: file offset corruption on 32-bit machines?, Jiri Kosina, (Thu Apr 10, 10:01 am)

Re: file offset corruption on 32-bit machines?, Michal Hocko, (Thu Apr 10, 10:31 am)

Re: file offset corruption on 32-bit machines?, Jiri Kosina, (Thu Apr 10, 10:35 am)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Thu Apr 10, 10:27 am)

Re: file offset corruption on 32-bit machines?, Pavel Machek, (Fri Apr 11, 3:26 pm)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Mon Apr 14, 12:25 pm)

Re: file offset corruption on 32-bit machines?, Jiri Kosina, (Thu Apr 10, 10:31 am)

Re: file offset corruption on 32-bit machines?, Diego Calleja, (Thu Apr 10, 12:03 pm)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Thu Apr 10, 12:15 pm)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Thu Apr 10, 11:19 am)

Re: file offset corruption on 32-bit machines?, Michal Hocko, (Thu Apr 10, 11:37 am)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Thu Apr 10, 11:56 am)

Re: file offset corruption on 32-bit machines?, Matthew Wilcox, (Thu Apr 10, 10:48 am)

Re: file offset corruption on 32-bit machines?, Jan Kara, (Thu Apr 10, 11:22 am)

Re: file offset corruption on 32-bit machines?, Matthew Wilcox, (Thu Apr 10, 11:30 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Greg KH	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 011/196] sysfs: Fix a copy-n-paste typo in comment
Greg KH	Re: Linux 2.6.25.10
Sam Ravnborg	Re: [RFC/PATCH] Documentation of kernel messages
git:
Peter Stahlir	Git as a filesystem
Ken Pratt	Re: pack operation is thrashing my server
Andy Parkins	svn:externals using git submodules
Junio C Hamano	Re: [PATCH] Teach remote machinery about remotes.default config variable
openbsd-misc:
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Mayuresh Kathe	Re: What is our ultimate goal??
Richard Stallman	Real men don't attack straw men
L. V. Lammert	Re: How to find all package files
linux-netdev:
Natalie Protasevich	[BUG] New Kernel Bugs
Mark Lord	Re: 2.6.25-rc8: FTP transfer errors
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Vivek Dasmohapatra	2.6.24 ipw2200 driver can't be reset after firmware explodes

Latest forum posts


trouble with my Asus Mainboard	2 hours ago	Linux kernel
windows folder creation surprise	5 hours ago	Windows
Random kernel panic with PPP in 2.6.16.26 kernel	5 hours ago	Linux kernel
sata/ide timeout errors on asus server-mb	9 hours ago	Linux kernel
Resetting the bios password for Toshiba Laptop	13 hours ago	Hardware
Testing for EXT3 filesystem corruption	1 day ago	Linux kernel
Easter Eggs in windows XP	1 day ago	Windows
The state of Linux audio	1 day ago	Linux kernel
reading and writing to configuration register of PCI device	2 days ago	Linux kernel
[HFSX] how to read HFSX partion label	2 days ago	Linux general

Show all forums...

Colocation donated by:

Who's online

There are currently 6 users and 928 guests online.

Online users

Syndicate