Date: Fri, 11 Aug 2023 15:33:57 -0400
From: Steven Rostedt
To: Kees Cook
Cc: Marco Elver, Andrew Morton, Guenter Roeck, Peter Zijlstra, Mark Rutland, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Zenghui Yu, Catalin Marinas, Will Deacon, Nathan Chancellor, Nick Desaulniers, Tom Rix, Miguel Ojeda, Sami Tolvanen, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Dmitry Vyukov, Alexander Potapenko, kasan-dev@googlegroups.com, linux-toolchains@vger.kernel.org
Subject: Re: [PATCH v3 3/3] list_debug: Introduce CONFIG_DEBUG_LIST_MINIMAL
Message-ID: <20230811153357.3cdfdbeb@gandalf.local.home>
In-Reply-To: <202308101259.D2C4C72F8@keescook>
References: <20230808102049.465864-1-elver@google.com> <20230808102049.465864-3-elver@google.com> <202308081424.1DC7AA4AE3@keescook> <20230809113021.63e5ef66@gandalf.local.home> <202308101259.D2C4C72F8@keescook>

On Thu, 10 Aug 2023 13:11:58 -0700
Kees Cook wrote:

> > [...]
> > +	/*
> > +	 * With the hardening version, elide checking if next and prev
> > +	 * are NULL, LIST_POISON1 or LIST_POISON2, since the immediate
> > +	 * dereference of them below would result in a fault.
> > +	 */
> > +	if (likely(prev->next == entry && next->prev == entry))
> > +		return true;
>
> I'm not super excited about skipping those checks, since they are
> values that can be reached through kernel list management confusion. If
> an attacker is using a system where the zero-page has been mapped
> and is accessible (i.e. lacking SMAP etc), then attacks could still
> be constructed. However, I do recognize this chain of exploitation
> prerequisites is getting rather long, so probably this is a reasonable
> trade off on modern systems.

A totally hardened machine is one that doesn't run ;-)

Yes, hopefully when the kernel is configured with HARDENED it will
eliminate steps to a prerequisite attack.

I'm sure enabling lockdep would also help harden the system too. But
there is a balance between security and performance. The more that
adding security harms performance, the less people will use that
security.

-- Steve
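Review bot: the comment in the quoted hunk justifies dropping the NULL, LIST_POISON1 and LIST_POISON2 checks on the grounds that the dereference below faults; that only holds where those addresses are guaranteed unmapped, which, as the reply points out, is not the case for a mapped zero page on a system without SMAP. Suggest the comment state that assumption explicitly, and add that under this variant such corruption surfaces as a fault rather than as a list-debug report, so the reduced diagnostic context is a documented trade-off of CONFIG_DEBUG_LIST_MINIMAL rather than a surprise.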
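A user-space model of the two validation variants the quoted hunk contrasts, added here as an example and not code from the patch series or the kernel: the full check rejects NULL and poisoned neighbours before touching them, while the minimal check relies on the dereference faulting. `struct node`, the `POISON1`/`POISON2` values and the function names are constructed stand-ins for the kernel's list types and LIST_POISON constants.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for LIST_POISON1/LIST_POISON2 (not the kernel's values). */
#define POISON1 ((struct node *)(uintptr_t)0x100)
#define POISON2 ((struct node *)(uintptr_t)0x122)

struct node { struct node *next, *prev; };

/* Full variant: diagnose NULL or poisoned neighbours without dereferencing them. */
static bool list_del_entry_valid_full(const struct node *entry)
{
	const struct node *prev = entry->prev, *next = entry->next;

	if (!prev || !next || next == POISON1 || prev == POISON2)
		return false;	/* reported as corruption, no dereference */
	return prev->next == entry && next->prev == entry;
}

/* Minimal variant (the hunk): link consistency only; a NULL or poisoned
 * neighbour is not diagnosed here and instead faults on dereference. */
static bool list_del_entry_valid_minimal(const struct node *entry)
{
	const struct node *prev = entry->prev, *next = entry->next;

	return prev->next == entry && next->prev == entry;
}

/* Constructed three-node ring: head <-> a <-> b <-> head. */
static void ring_init(struct node *head, struct node *a, struct node *b)
{
	head->next = a; a->prev = head;
	a->next = b;    b->prev = a;
	b->next = head; head->prev = b;
}

/* Well-formed ring: both variants accept deleting a. Returns 1 on success. */
int demo_consistent(void)
{
	struct node h, a, b;
	ring_init(&h, &a, &b);
	return list_del_entry_valid_full(&a) && list_del_entry_valid_minimal(&a);
}

/* Stale back-pointer (b->prev no longer points at a): both variants reject. */
int demo_stale_link(void)
{
	struct node h, a, b;
	ring_init(&h, &a, &b);
	b.prev = &h;	/* constructed corruption */
	return !list_del_entry_valid_full(&a) && !list_del_entry_valid_minimal(&a);
}

/* Double delete: a's links were poisoned by an earlier delete. Only the full
 * variant can report this; the minimal one would dereference POISON1. */
int demo_double_delete(void)
{
	struct node a = { POISON1, POISON2 };
	return !list_del_entry_valid_full(&a);
}
```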