From: Konstantin Belousov
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, Paul Schenkeveld
Date: Wed, 7 Nov 2012 15:47:01 +0200
Subject: Re: md(4) (swap-base) disks not cleaned on creation
Message-ID: <20121107134701.GP73505@kib.kiev.ua>
References: <20121106184658.GA24262@psconsult.nl> <20121106192704.GM73505@kib.kiev.ua> <86fw4lio7s.fsf@ds4.des.no>
In-Reply-To: <86fw4lio7s.fsf@ds4.des.no>
List-Id: "Security issues [members-only posting]"

On Wed, Nov 07, 2012 at 01:36:55PM +0100, Dag-Erling Smørgrav wrote:
> Konstantin Belousov writes:
> > It is definitely not a security issue.
>
> I disagree. There may be legitimate reasons for root to create an md
> and give read access to an unprivileged user, under the assumption that
> it is zeroed; or to allow root in a jail to create mds.

I disagree, but let this settle. I will commit a fix today.

>
> DES
> --
> Dag-Erling Smørgrav - des@des.no
>
> > That said, the following patch should fix the nit. I am unsure about
> > it, because it fixes mostly non-issue by spending CPU time to zero a
> > page which would be either zeroed or overwritten right now anyway in
> > normal usage.
>
> You can at least partly mitigate this by adding VM_ALLOC_ZERO to the
> flags passed to vm_page_grab() on line 666 and then checking the PG_ZERO
> bit in m->flags.

This is worse, since now you deprive the zero pool even for the case
when the page is successfully read from the swap later. My patch only
zeroes pages which do not have any content to fill.