|
Message-Id: <B55D8C2E-39CF-4588-9C85-B78849C7D903@dwheeler.com> Date: Fri, 29 Jan 2021 12:30:01 -0500 From: "David A. Wheeler" <dwheeler@...eeler.com> To: oss-security@...ts.openwall.com Subject: Re: Linux Kernel: local priv escalation via futexes > On Jan 29, 2021, at 12:01 PM, Marcus Meissner <meissner@...e.de> wrote: > Mitre has now assigned CVE-2021-3347. > > On Fri, Jan 29, 2021 at 05:42:08PM +0100, Solar Designer wrote: >> Hi, >> >> I'm not familiar with futexes, but just to save others a few minutes on >> looking this up: > > (Is anyone? Futex are too complex for me at least, I would guess also > using them is error prone.) Here’s some helpful context. "A futex overview and update” (2009) at https://lwn.net/Articles/360699/ "The futex mechanism... is a fast, lightweight kernel-assisted locking primitive for user-space applications. It provides for very fast uncontended lock acquisition and release. The futex state is stored in a user-space variable (an unsigned 32-bit integer on all platforms). Atomic operations are used in order to change the state of the futex in the uncontended case without the overhead of a syscall. In the contended cases, the kernel is invoked to put tasks to sleep and wake them up. Futexes are the basis of several mutual exclusion constructs commonly used in threaded programming." More recently: "Rethinking the futex API” (2020): https://lwn.net/Articles/823513/ "The current effort to rework futexes appears to be driven by a couple of concerns. One that goes mostly unstated is the desire to create a system-call interface that makes a bit more sense than futex(), which is a complex, multiplexed API with wildly varying arguments and a number of special cases.” --- David A. Wheeler
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.