oss-sec mailing list archives
Re: Linux Kernel: local priv escalation via futexes
From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Fri, 29 Jan 2021 12:30:01 -0500
On Jan 29, 2021, at 12:01 PM, Marcus Meissner <meissner () suse de> wrote: Mitre has now assigned CVE-2021-3347. On Fri, Jan 29, 2021 at 05:42:08PM +0100, Solar Designer wrote:Hi, I'm not familiar with futexes, but just to save others a few minutes on looking this up:(Is anyone? Futex are too complex for me at least, I would guess also using them is error prone.)
Here’s some helpful context. "A futex overview and update” (2009) at https://lwn.net/Articles/360699/ "The futex mechanism... is a fast, lightweight kernel-assisted locking primitive for user-space applications. It provides for very fast uncontended lock acquisition and release. The futex state is stored in a user-space variable (an unsigned 32-bit integer on all platforms). Atomic operations are used in order to change the state of the futex in the uncontended case without the overhead of a syscall. In the contended cases, the kernel is invoked to put tasks to sleep and wake them up. Futexes are the basis of several mutual exclusion constructs commonly used in threaded programming." More recently: "Rethinking the futex API” (2020): https://lwn.net/Articles/823513/ "The current effort to rework futexes appears to be driven by a couple of concerns. One that goes mostly unstated is the desire to create a system-call interface that makes a bit more sense than futex(), which is a complex, multiplexed API with wildly varying arguments and a number of special cases.” --- David A. Wheeler
Current thread:
- Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Solar Designer (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes David A. Wheeler (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Solar Designer (Feb 01)
- Re: Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Solar Designer (Jan 29)