iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Jordy Zomer 110860541f mm/secretmem: use refcount_t instead of atomic_t 
When a secret memory region is active, memfd_secret disables hibernation.
One of the goals is to keep the secret data from being written to
persistent-storage.

It accomplishes this by maintaining a reference count to
`secretmem_users`.  Once this reference is held your system can not be
hibernated due to the check in `hibernation_available()`.  However,
because `secretmem_users` is of type `atomic_t`, reference counter
overflows are possible.

As you can see there's an `atomic_inc` for each `memfd` that is opened in
the `memfd_secret` syscall.  If a local attacker succeeds to open 2^32
memfd's, the counter will wrap around to 0.  This implies that you may
hibernate again, even though there are still regions of this secret
memory, thereby bypassing the security check.

In an attempt to fix this I have used `refcount_t` instead of `atomic_t`
which prevents reference counter overflows.

Link: https://lkml.kernel.org/r/20210820043339.2151352-1-jordy@pwning.systems
Signed-off-by: Jordy Zomer <jordy@pwning.systems>
Cc: Kees Cook <keescook@chromium.org>,
Cc: Jordy Zomer <jordy@jordyzomer.github.io>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Mike Rapoport <rppt@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2021-09-08 11:50:24 -07:00
..
kasan
kasan: add memzero init for unaligned size at DEBUG
2021-07-15 10:13:49 -07:00
kfence
kfence: skip all GFP_ZONEMASK allocations
2021-07-23 17:43:28 -07:00
backing-dev.c
writeback, cgroup: remove wb from offline list before releasing refcnt
2021-07-23 17:43:28 -07:00
balloon_compaction.c
mm: fix typos in comments
2021-05-07 00:26:35 -07:00
bootmem_info.c
mm: memory_hotplug: factor out bootmem core functions to bootmem_info.c
2021-06-30 20:47:25 -07:00
cleancache.c
cma_debug.c
mm/cma: change cma mutex to irq safe spinlock
2021-05-05 11:27:21 -07:00
cma_sysfs.c
mm: cma: support sysfs
2021-05-05 11:27:24 -07:00
cma.c
mm: use proper type for cma_[alloc|release]
2021-05-05 11:27:24 -07:00
cma.h
mm: cma: support sysfs
2021-05-05 11:27:24 -07:00
compaction.c
mm: remove pfn_valid_within() and CONFIG_HOLES_IN_ZONE
2021-09-08 11:50:22 -07:00
debug_page_ref.c
debug_vm_pgtable.c
mm/swapops: rework swap entry manipulation code
2021-07-01 11:06:03 -07:00
debug.c
mm/debug: factor PagePoisoned out of __dump_page
2021-06-29 10:53:53 -07:00
dmapool.c
mm/dmapool: use DEVICE_ATTR_RO macro
2021-06-29 10:53:52 -07:00
early_ioremap.c
mm/early_ioremap.c: remove redundant early_ioremap_shutdown()
2021-09-08 11:50:24 -07:00
fadvise.c
mm, fadvise: improve the expensive remote LRU cache draining after FADV_DONTNEED
2020-10-13 18:38:29 -07:00
failslab.c
filemap.c
Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2021-07-03 11:30:04 -07:00
frontswap.c
mm/mempool: minor coding style tweaks
2021-05-05 11:27:27 -07:00
gup_test.c
selftests/vm: gup_test: test faulting in kernel, and verify pinnable pages
2021-05-05 11:27:26 -07:00
gup_test.h
selftests/vm: gup_test: fix test flag
2021-05-05 11:27:26 -07:00
gup.c
mm/madvise: report SIGBUS as -EFAULT for MADV_POPULATE_(READ|WRITE)
2021-08-13 14:09:31 -10:00
highmem.c
mm: in_irq() cleanup
2021-09-08 11:50:24 -07:00
hmm.c
mm: device exclusive memory access
2021-07-01 11:06:03 -07:00
huge_memory.c
mm/rmap: fix comments left over from recent changes
2021-07-11 15:05:15 -07:00
hugetlb_cgroup.c
hugetlb: make free_huge_page irq safe
2021-05-05 11:27:22 -07:00
hugetlb_vmemmap.c
mm: hugetlb: introduce CONFIG_HUGETLB_PAGE_FREE_VMEMMAP_DEFAULT_ON
2021-06-30 20:47:26 -07:00
hugetlb_vmemmap.h
mm: hugetlb: introduce nr_free_vmemmap_pages in the struct hstate
2021-06-30 20:47:25 -07:00
hugetlb.c
hugetlb: don't pass page cache pages to restore_reserve_on_error
2021-08-20 11:31:42 -07:00
hwpoison-inject.c
mm,hwpoison-inject: don't pin for hwpoison_filter
2020-10-16 11:11:16 -07:00
init-mm.c
mm: add setup_initial_init_mm() helper
2021-07-08 11:48:21 -07:00
internal.h
mmap: make mlock_future_check() global
2021-07-08 11:48:20 -07:00
interval_tree.c
mm/interval_tree: add comments to improve code readability
2021-04-30 11:20:38 -07:00
io-mapping.c
mm: add a io_mapping_map_user helper
2021-04-30 11:20:39 -07:00
ioremap.c
mm: move ioremap_page_range to vmalloc.c
2021-09-08 11:50:24 -07:00
Kconfig
mm: remove pfn_valid_within() and CONFIG_HOLES_IN_ZONE
2021-09-08 11:50:22 -07:00
Kconfig.debug
mm, page_poison: remove CONFIG_PAGE_POISONING_ZERO
2020-12-15 12:13:46 -08:00
khugepaged.c
mm, thp: relax the VM_DENYWRITE constraint on file-backed THPs
2021-06-30 20:47:29 -07:00
kmemleak.c
mm: in_irq() cleanup
2021-09-08 11:50:24 -07:00
ksm.c
mm/ksm: use vma_lookup() in find_mergeable_vma()
2021-06-29 10:53:52 -07:00
list_lru.c
mm: vmscan: consolidate shrinker_maps handling code
2021-05-05 11:27:23 -07:00
maccess.c
madvise.c
mm/madvise: report SIGBUS as -EFAULT for MADV_POPULATE_(READ|WRITE)
2021-08-13 14:09:31 -10:00
Makefile
mm: move ioremap_page_range to vmalloc.c
2021-09-08 11:50:24 -07:00
mapping_dirty_helpers.c
mm/mapping_dirty_helpers: remove double Note in kerneldoc
2021-07-01 11:06:02 -07:00
memblock.c
memblock: make for_each_mem_range() traverse MEMBLOCK_HOTPLUG regions
2021-07-23 17:43:28 -07:00
memcontrol.c
mm/memcg: fix incorrect flushing of lruvec data in obj_stock
2021-08-13 14:09:32 -10:00
memfd.c
Reimplement RLIMIT_MEMLOCK on top of ucounts
2021-04-30 14:14:02 -05:00
memory_hotplug.c
mm/memory_hotplug: use helper zone_is_zone_device() to simplify the code
2021-09-08 11:50:23 -07:00
memory-failure.c
mm/hwpoison: retry with shake_page() for unhandlable pages
2021-08-20 11:31:42 -07:00
memory.c
mm: fix the deadlock in finish_fault()
2021-07-23 17:43:28 -07:00
mempolicy.c
mm/mempolicy: use unified 'nodes' for bind/interleave/prefer policies
2021-06-30 20:47:29 -07:00
mempool.c
kasan: use separate (un)poison implementation for integrated init
2021-06-04 19:32:21 +01:00
memremap.c
mm/memory_hotplug: remove nid parameter from arch_remove_memory()
2021-09-08 11:50:23 -07:00
memtest.c
migrate.c
mm/migrate: fix NR_ISOLATED corruption on 64-bit
2021-07-30 10:14:39 -07:00
mincore.c
inode: make init and permission helpers idmapped mount aware
2021-01-24 14:27:16 +01:00
mlock.c
mm: introduce memfd_secret system call to create "secret" memory areas
2021-07-08 11:48:21 -07:00
mm_init.c
include/linux/page-flags-layout.h: cleanups
2021-04-30 11:20:42 -07:00
mmap_lock.c
mm: mmap_lock: fix disabling preemption directly
2021-07-23 17:43:28 -07:00
mmap.c
mmap: make mlock_future_check() global
2021-07-08 11:48:20 -07:00
mmu_gather.c
mm: eliminate "expecting prototype" kernel-doc warnings
2021-04-16 16:10:36 -07:00
mmu_notifier.c
mm/mmu_notifiers: ensure range_end() is paired with range_start()
2021-03-25 09:22:55 -07:00
mmzone.c
mm/lru: replace pgdat lru_lock with lruvec lock
2020-12-15 14:48:04 -08:00
mprotect.c
mm: device exclusive memory access
2021-07-01 11:06:03 -07:00
mremap.c
mm/mremap: allow arch runtime override
2021-07-08 11:48:23 -07:00
msync.c
mm/msync: exit early when the flags is an MS_ASYNC and start < vm_start
2021-04-30 11:20:37 -07:00
nommu.c
mm/nommu: unexport do_munmap()
2021-06-30 20:47:30 -07:00
oom_kill.c
Merge branch 'core-rcu-2021.07.04' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu
2021-07-04 12:58:33 -07:00
page_alloc.c
mm: track present early pages per zone
2021-09-08 11:50:23 -07:00
page_counter.c
mm: page_counter: mitigate consequences of a page_counter underflow
2021-04-30 11:20:38 -07:00
page_ext.c
mm: replace CONFIG_FLAT_NODE_MEM_MAP with CONFIG_FLATMEM
2021-06-29 10:53:55 -07:00
page_idle.c
mm: page_idle_get_page() does not need lru_lock
2020-12-15 14:48:03 -08:00
page_io.c
swap: fix swapfile read/write offset
2021-03-02 17:25:46 -07:00
page_isolation.c
mm: remove pfn_valid_within() and CONFIG_HOLES_IN_ZONE
2021-09-08 11:50:22 -07:00
page_owner.c
mm: remove pfn_valid_within() and CONFIG_HOLES_IN_ZONE
2021-09-08 11:50:22 -07:00
page_poison.c
mm: page_poison: print page info when corruption is caught
2021-04-30 11:20:36 -07:00
page_reporting.c
mm/page_reporting: allow driver to specify reporting order
2021-06-29 10:53:47 -07:00
page_reporting.h
mm/page_reporting: export reporting order as module parameter
2021-06-29 10:53:47 -07:00
page_vma_mapped.c
mm: device exclusive memory access
2021-07-01 11:06:03 -07:00
page-writeback.c
for-5.14/block-2021-06-29
2021-06-30 12:12:56 -07:00
pagewalk.c
mm: pagewalk: fix walk for hugepage tables
2021-06-29 10:53:49 -07:00
percpu-internal.h
Merge branch 'for-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu
2021-07-01 17:17:24 -07:00
percpu-km.c
percpu: flush tlb in pcpu_reclaim_populated()
2021-07-04 18:30:17 +00:00
percpu-stats.c
percpu: rework memcg accounting
2021-06-05 20:43:15 +00:00
percpu-vm.c
percpu: flush tlb in pcpu_reclaim_populated()
2021-07-04 18:30:17 +00:00
percpu.c
percpu: flush tlb in pcpu_reclaim_populated()
2021-07-04 18:30:17 +00:00
pgalloc-track.h
mm: fix typos in comments
2021-05-07 00:26:35 -07:00
pgtable-generic.c
mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
2021-06-16 09:24:42 -07:00
process_vm_access.c
mm/process_vm_access.c: remove duplicate include
2021-05-05 11:27:27 -07:00
ptdump.c
mm: ptdump: fix build failure
2021-04-16 16:10:37 -07:00
readahead.c
mm: Implement readahead_control pageset expansion
2021-04-23 10:14:29 +01:00
rmap.c
mm: remove redundant compound_head() calling
2021-09-08 11:50:23 -07:00
rodata_test.c
mm/rodata_test.c: fix missing function declaration
2020-08-21 09:52:53 -07:00
secretmem.c
mm/secretmem: use refcount_t instead of atomic_t
2021-09-08 11:50:24 -07:00
shmem.c
Revert "mm/shmem: fix shmem_swapin() race with swapoff"
2021-08-20 11:31:41 -07:00
shuffle.c
mm: eliminate "expecting prototype" kernel-doc warnings
2021-04-16 16:10:36 -07:00
shuffle.h
mm/shuffle: fix section mismatch warning
2021-05-22 15:09:07 -10:00
slab_common.c
Merge branch 'core-rcu-2021.07.04' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu
2021-07-04 12:58:33 -07:00
slab.c
mm: fix typos in comments
2021-05-07 00:26:35 -07:00
slab.h
mm/memcg: fix NULL pointer dereference in memcg_slab_free_hook()
2021-07-30 10:14:39 -07:00
slob.c
mm: Don't build mm_dump_obj() on CONFIG_PRINTK=n kernels
2021-03-08 14:18:46 -08:00
slub.c
mm: slub: fix slub_debug disabling for list of slabs
2021-08-13 14:09:31 -10:00
sparse-vmemmap.c
mm: sparsemem: split the huge PMD mapping of vmemmap pages
2021-06-30 20:47:26 -07:00
sparse.c
mm: memory_hotplug: factor out bootmem core functions to bootmem_info.c
2021-06-30 20:47:25 -07:00
swap_cgroup.c
swap_slots.c
mm/swap_slots.c: delete meaningless forward declarations
2021-06-29 10:53:49 -07:00
swap_state.c
Revert "mm: swap: check if swap backing device is congested or not"
2021-08-20 11:31:42 -07:00
swap.c
mm: fix typos and grammar error in comments
2021-07-01 11:06:02 -07:00
swapfile.c
mm: fix spelling mistakes
2021-07-01 11:06:02 -07:00
truncate.c
mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
2021-06-16 09:24:42 -07:00
usercopy.c
userfaultfd.c
userfaultfd/shmem: modify shmem_mfill_atomic_pte to use install_pte()
2021-06-30 20:47:27 -07:00
util.c
mm: Make copy_huge_page() always available
2021-07-12 11:30:56 -07:00
vmacache.c
vmalloc.c
mm: don't allow executable ioremap mappings
2021-09-08 11:50:24 -07:00
vmpressure.c
vmscan.c
mm: vmscan: fix missing psi annotation for node_reclaim()
2021-08-20 11:31:42 -07:00
vmstat.c
mm/vmstat: inline NUMA event counter updates
2021-06-29 10:53:54 -07:00
workingset.c
mm: workingset: define macro WORKINGSET_SHIFT
2021-06-30 20:47:28 -07:00
z3fold.c
mm/z3fold: add kerneldoc fields for z3fold_pool
2021-07-01 11:06:03 -07:00
zbud.c
mm/zbud: add kerneldoc fields for zbud_pool
2021-07-01 11:06:03 -07:00
zpool.c
mm: fix typos in comments
2021-05-07 00:26:35 -07:00
zsmalloc.c
mm/zsmalloc.c: improve readability for async_free_zspage()
2021-07-01 11:06:02 -07:00
zswap.c
mm/zswap.c: fix two bugs in zswap_writeback_entry()
2021-06-30 20:47:31 -07:00