Received: by 10.192.165.148 with SMTP id m20csp4731815imm;
        Tue, 24 Apr 2018 07:34:07 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/XTe8AKwMvd9do1AkIGnvSm5AH/wjCs/tY94xDf1zzL1FJLl9EuyHPbBElWi6eCkp7xb5h
X-Received: by 10.101.100.193 with SMTP id t1mr15981455pgv.406.1524580446976;
        Tue, 24 Apr 2018 07:34:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524580446; cv=none;
        d=google.com; s=arc-20160816;
        b=VLkd36E7lHrjKJ9mEMbt3DAJRJ0mKq1rWwrPpX73c3thlqAwsZmvsl8vKsplTiFoIC
         yc+hr7Nx1zE2UmbKUqMQyBZX901NlKvfyXR5gyzKFKBVul9PjCvRWgLEa3QH7Yx0Ey1T
         1FzuBt8z27ozcr8xj5w9uouGSiWk7m5uE39j8y0bw7Bn6ZRgt94P1J7+KLNrOENhNNC7
         kQtzIwH/YQN4LLqYfJCEuLhIzZmgplRRRiEJKZU5dPy5tWudgyBaoldTFSWyPcSCCH3N
         3OYuYuc6QggXqPNcE25a6NGT4T4NMMEZ8vnegGYs0jKkCJdbWe5YdDzjtlA0wsad3o5I
         V2yg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=Lk2/KwrHJdO0WurFYLgCDEX2OpwPBgP9SIx/6mvI3cU=;
        b=AZ4oO1UePBg8dfzvZtcIMdMV/xa9yv++p+IaaM6JK9kId6SF+kndSc50IkzQv7CFkz
         RDwGYmC24MCGpISxcrcXd+jlOJRxQ63UjGJuXSwGcp4JF2RG5ZxlleTW5UcEbDeJ6Y3v
         00+i501Eg5wd935wo3UrefKoljlNpR/YHk2KsR1YgUaBhsNjP3SIsfn9+XoL/W0Xp61e
         SGVbj4IqlUC/jxk4/L1xmn+WB9iFLJINuY+mC5+wKiZrpexn4qZry0LnfA1/4bWSS2Dc
         lSPxr45y7SgGrbgMgjfCbEcPf5zS+DmV+rTGesVkga7pezS6XdXvT7f+ccwaZyy2zEii
         kQwg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=rso155Nc;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e1si11645321pgu.537.2018.04.24.07.33.52;
        Tue, 24 Apr 2018 07:34:06 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=rso155Nc;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933015AbeDXMcm (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Tue, 24 Apr 2018 08:32:42 -0400
Received: from mail-wm0-f47.google.com ([74.125.82.47]:39979 "EHLO
        mail-wm0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751264AbeDXMcl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Apr 2018 08:32:41 -0400
Received: by mail-wm0-f47.google.com with SMTP id j5so546172wme.5;
        Tue, 24 Apr 2018 05:32:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-transfer-encoding:content-language;
        bh=Lk2/KwrHJdO0WurFYLgCDEX2OpwPBgP9SIx/6mvI3cU=;
        b=rso155NcJUmn1QufDbekhuPshoS6xJJiVAWZRggqH8OTBaw0CIokVivMAziItNammp
         q9RKdO6lv+sLLZtysqx2Njoie6pEzrtREKcX3kzW7VsdPSb+ZrCg93ZreJy1cUtf3eGS
         wgVYMXfwNqYinBZWyGjJKUU9iUfeiJcwsDOHgXjAF+KOIm1Wb8JADjNTcluFvOZBFOMR
         KxFZRRFfOqHlo1WVNy1R9/eH4n8NFkMvdjRKJaR05zsCa6AzPeICGJ0snTALdd2GofnK
         K01VFOn1QNlTDQwcAk0bZw4xc3oSRDptKn4VpjmVlgK548UZ2ixWO89PmRsq1tps4Bwi
         JmkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding
         :content-language;
        bh=Lk2/KwrHJdO0WurFYLgCDEX2OpwPBgP9SIx/6mvI3cU=;
        b=TgBb6Ee5xCBuCZ7O5Jnae6y3lSnucYtM6ruFBlbeIisPZu4XbparrUXJfphh+ZHvQR
         e8hkmzcWraM/zZhu2lpT+U1TbxrhDpN/MLDyfjZrjH13beFlI7MR/ejRHm/TD897V1V4
         OLqlOmMvNvT4MEX1wE8Aq2OOuC49wfqFmZkUZG6n4ZQ4aEM9Msste/S92VIHWHgjZpvR
         3Ll2PgF/h8JFU6N20WAeUm/TJSsDz7rjQrGtY1D99BoKkghAe95a6S1F6QATHR4GFYTx
         QuNwdSn276PJl/Yqp5/OxHv0ij3siezSF7F6J787KJnb0+zshYtNa7uUcGCMIu+3rZ2f
         MJZA==
X-Gm-Message-State: ALQs6tC1uoQJiX7z4PCUSwhB5HxxI/vVgRwcl542VB/7oe+CreretuU/
        n8KSgwnPzSAL8A0NPIcsFnY=
X-Received: by 10.28.158.144 with SMTP id h138mr2668730wme.33.1524573159800;
        Tue, 24 Apr 2018 05:32:39 -0700 (PDT)
Received: from [192.168.0.9] (host187-135-dynamic.116-80-r.retail.telecomitalia.it. [80.116.135.187])
        by smtp.gmail.com with ESMTPSA id d12-v6sm4769673wrg.2.2018.04.24.05.32.37
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 24 Apr 2018 05:32:38 -0700 (PDT)
Subject: Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools
To:     Matthew Wilcox <willy@infradead.org>,
        Igor Stoppa <igor.stoppa@gmail.com>
Cc:     keescook@chromium.org, paul@paul-moore.com, sds@tycho.nsa.gov,
        mhocko@kernel.org, corbet@lwn.net, labbott@redhat.com,
        linux-cc=david@fromorbit.com, --cc=rppt@linux.vnet.ibm.com,
        --security-module@vger.kernel.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com,
        Igor Stoppa <igor.stoppa@huawei.com>,
        Carlos Chinea Perez <carlos.chinea.perez@huawei.com>,
        Remi Denis Courmont <remi.denis.courmont@huawei.com>
References: <20180423125458.5338-1-igor.stoppa@huawei.com>
 <20180423125458.5338-8-igor.stoppa@huawei.com>
 <20180424115050.GD26636@bombadil.infradead.org>
From:   lazytyped <lazytyped@gmail.com>
Message-ID: <eb23fbd9-1b9e-8633-b0eb-241b8ad24d95@gmail.com>
Date:   Tue, 24 Apr 2018 14:32:36 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0)
 Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <20180424115050.GD26636@bombadil.infradead.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 4/24/18 1:50 PM, Matthew Wilcox wrote:
> struct modifiable_data {
> 	struct immutable_data *d;
> 	...
> };
>
> Then allocate a new pool, change d and destroy the old pool.

With the above, you have just shifted the target of the arbitrary write
from the immutable data itself to the pointer to the immutable data, so
got no security benefit.

The goal of the patch is to reduce the window when stuff is writeable,
so that an arbitrary write is likely to hit the time when data is read-only.


       -  Enrico