Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1547206pxb; Fri, 20 Aug 2021 08:05:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwqlMYkJO04QDwBa7JVc0SJhTOv12oaBQ7jhYpzq46vhtLueGn0e59GUik05cOKdLvCLrGs X-Received: by 2002:aa7:d319:: with SMTP id p25mr23163321edq.197.1629471905136; Fri, 20 Aug 2021 08:05:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629471905; cv=none; d=google.com; s=arc-20160816; b=jb8ljqN1L4klwgnvaNTE4TFeQoPh+2h0E4muOZoMbCfJFkNJyownUtDWXZiDQMDJAG d6iInTasaKKyXRCTsfhUt7LOPUXwZMu707RvPZRv+3ehrvZgbiniaI9MOmqxeYgJHfbE X4yoIVgn0Ii5jNSan/+ZssYHrJoaqo354hXkhZNnr4Igsz3CoD3eYO9bqpz6+Ue1f+kR 13iRlKdaQiaC/gJuLdc/rZgB5Lki3+0jDsinFOitXjbt4qSg6dkrWdfLuj8SuCGafGI/ BIRXJ64xOwmXMeU44PJDDYXnoVnCU7bJBa7cEGXNjuF/lnIAp7tyK7hWeGt/wSvxNqbz oqcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature:dkim-signature; bh=vWyMuDf6RnjyUth4CKhYweN5lsQ+MoXuiVtlQu1RJuU=; b=F8Yvx0VqCHdXHEsgY/dqzsTRFdThKbHEwu6DL6Biif28N4J2RsfNrOBfr/jE4yMsWG Fe7D5uoxDeCGK/JTlAoi/nKOMwiUn/Jkh/30iiBy2lEsHKQ8opC8wdVyOZymKWFG5wzF P0YMk0xaXLgRWm6u55hY8N2qB3ZV233sdm58Kp0wq3+v1l2ptYtdYza+4GzBElldjMdf uozizSkUouLUEeNPyKAw3K4Lky+IIw/dbHBX16HtikrzoId7Kt2bgYJVO2femWUfCy9e yO7STtD4jQMTM7lIm4B8Kt/6PgNw41LiuELfuIkLsMSTgyrr53w0iWKBj7JKIivQECr0 G1NA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=efYeKvGO; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=efYeKvGO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c15si7047275ejz.158.2021.08.20.08.04.24; Fri, 20 Aug 2021 08:05:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=efYeKvGO; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=efYeKvGO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240955AbhHTO6H (ORCPT + 99 others); Fri, 20 Aug 2021 10:58:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41232 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240951AbhHTO6H (ORCPT ); Fri, 20 Aug 2021 10:58:07 -0400 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [IPv6:2607:fcd0:100:8a00::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F7B7C061756 for ; Fri, 20 Aug 2021 07:57:28 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 48FF41280D3A; Fri, 20 Aug 2021 07:57:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1629471447; bh=T8fM0mMRGQEJQ9wSjnQ4z65LLLqaO9J01HLIBiCTQuk=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=efYeKvGOmb9BLn5/gUTYk7Uqzr9d7FhsQAJVFS50qmzQjZoHuYPMhtEsw+Rjz9F/9 LZn3QfaPBp9CYGY8IC86zNe4NL9c+trOENn53Y1jvqONfq2dZhTmQVrjCf+Ej0hLNl ZeevjB0drNUVzdgyTrCBU93z1lC3iSPFW8mpP+Kk= Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oKM4JfCuzp5p; Fri, 20 Aug 2021 07:57:27 -0700 (PDT) Received: from jarvis.int.hansenpartnership.com (unknown [IPv6:2601:600:8280:66d1::527]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id BC72C1280CAE; Fri, 20 Aug 2021 07:57:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1629471447; bh=T8fM0mMRGQEJQ9wSjnQ4z65LLLqaO9J01HLIBiCTQuk=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=efYeKvGOmb9BLn5/gUTYk7Uqzr9d7FhsQAJVFS50qmzQjZoHuYPMhtEsw+Rjz9F/9 LZn3QfaPBp9CYGY8IC86zNe4NL9c+trOENn53Y1jvqONfq2dZhTmQVrjCf+Ej0hLNl ZeevjB0drNUVzdgyTrCBU93z1lC3iSPFW8mpP+Kk= Message-ID: <0874a50b61cfaf7c817cab7344c49c1641c1fd10.camel@HansenPartnership.com> Subject: Re: [PATCH] mm/secretmem: use refcount_t instead of atomic_t From: James Bottomley To: Jordy Zomer , linux-kernel@vger.kernel.org Cc: Kees Cook , Andrew Morton , linux-mm@kvack.org, Mike Rapoport Date: Fri, 20 Aug 2021 07:57:25 -0700 In-Reply-To: <20210820043339.2151352-1-jordy@pwning.systems> References: <20210820043339.2151352-1-jordy@pwning.systems> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2021-08-20 at 06:33 +0200, Jordy Zomer wrote: > As you can see there's an `atomic_inc` for each `memfd` that is > opened in the `memfd_secret` syscall. If a local attacker succeeds to > open 2^32 memfd's, the counter will wrap around to 0. This implies > that you may hibernate again, even though there are still regions of > this secret memory, thereby bypassing the security check. This isn't a possible attack, is it? secret memory is per process and each process usually has an open fd limit of 1024. That's not to say we shouldn't have overflow protection just in case, but I think today we don't have a problem. James