Re: [PATCH] mm/secretmem: use refcount_t instead of atomic_t

From: James Bottomley
Date: Fri Aug 20 2021 - 10:57:32 EST

Next message: Bjorn Helgaas: "[GIT PULL] PCI fixes for v5.14"
Previous message: John Allen: "[PATCH] crypto: ccp - Add support for new CCP/PSP device ID"
In reply to: Kees Cook: "Re: [PATCH] mm/secretmem: use refcount_t instead of atomic_t"
Next in thread: Kees Cook: "Re: [PATCH] mm/secretmem: use refcount_t instead of atomic_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2021-08-20 at 06:33 +0200, Jordy Zomer wrote:
> As you can see there's an `atomic_inc` for each `memfd` that is
> opened in the `memfd_secret` syscall. If a local attacker succeeds to
> open 2^32 memfd's, the counter will wrap around to 0. This implies
> that you may hibernate again, even though there are still regions of
> this secret memory, thereby bypassing the security check.

This isn't a possible attack, is it? secret memory is per process and
each process usually has an open fd limit of 1024. That's not to say
we shouldn't have overflow protection just in case, but I think today
we don't have a problem.

James

Next message: Bjorn Helgaas: "[GIT PULL] PCI fixes for v5.14"
Previous message: John Allen: "[PATCH] crypto: ccp - Add support for new CCP/PSP device ID"
In reply to: Kees Cook: "Re: [PATCH] mm/secretmem: use refcount_t instead of atomic_t"
Next in thread: Kees Cook: "Re: [PATCH] mm/secretmem: use refcount_t instead of atomic_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]