Re: [PATCH 1/4] Routine for generating an safe ID for kernelpointer

From: Tejun Heo
Date: Tue Nov 15 2011 - 10:20:31 EST

Next message: Kyle Moffett: "[RFC PATCH 2/2] WIP: PowerPC cache cleanup"
Previous message: Mark Lord: "Re: [PATCH 5/5] net-next:asix: update VERSION and white space changes"
In reply to: Eric Dumazet: "Re: [PATCH 1/4] Routine for generating an safe ID for kernel pointer"
Next in thread: Pavel Emelyanov: "[PATCH 2/4] proc: Show namespaces IDs in /proc/pid/ns/* files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 15, 2011 at 03:36:33PM +0400, Pavel Emelyanov wrote:
> +unsigned long gen_object_id(void *ptr)
> +{
> + if (!ptr)
> + return 0;
> +
> + if (unlikely(!ptr_poison)) {
> + spin_lock(&ptr_poison_lock);
> + if (!ptr_poison)
> + get_random_bytes(&ptr_poison, sizeof(ptr_poison));
> + spin_unlock(&ptr_poison_lock);
> + }

One thing that worries me about this is that there's one ptr_poison
for all id's and any single leak of a pointer value will make all ids
vulnerable. If we're going to do this, let's segregate different id
spaces and use different poison values for each.

Thank you.

--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kyle Moffett: "[RFC PATCH 2/2] WIP: PowerPC cache cleanup"
Previous message: Mark Lord: "Re: [PATCH 5/5] net-next:asix: update VERSION and white space changes"
In reply to: Eric Dumazet: "Re: [PATCH 1/4] Routine for generating an safe ID for kernel pointer"
Next in thread: Pavel Emelyanov: "[PATCH 2/4] proc: Show namespaces IDs in /proc/pid/ns/* files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]