lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Jun 2022 17:44:35 +0100 From: Matthew Wilcox <willy@...radead.org> To: Kees Cook <keescook@...omium.org> Cc: linux-mm@...ck.org, Uladzislau Rezki <urezki@...il.com>, Zorro Lang <zlang@...hat.com>, linux-xfs@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH 1/3] usercopy: Handle vm_map_ram() areas On Mon, Jun 13, 2022 at 09:23:15AM -0700, Kees Cook wrote: > On Sun, Jun 12, 2022 at 10:32:25PM +0100, Matthew Wilcox (Oracle) wrote: > > vmalloc does not allocate a vm_struct for vm_map_ram() areas. That causes > > us to deny usercopies from those areas. This affects XFS which uses > > vm_map_ram() for its directories. > > > > Fix this by calling find_vmap_area() instead of find_vm_area(). > > Thanks for the fixes! > > > [...] > > + /* XXX: We should also abort for free vmap_areas */ > > What's needed to detect this? I'm not entirely sure. I only just learned of the existence of this struct ;-) /* * The following two variables can be packed, because * a vmap_area object can be either: * 1) in "free" tree (root is free_vmap_area_root) * 2) or "busy" tree (root is vmap_area_root) */ union { unsigned long subtree_max_size; /* in "free" tree */ struct vm_struct *vm; /* in "busy" tree */ }; Hmm. Actually, we only search vmap_area_root, so I suppose it can't be a free area. So this XXX can be removed, as we'll get NULL back if we've got a pointer to a free area. Ulad, do I have this right?
Powered by blists - more mailing lists