lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230929173414.g7ovzk4hwpz5kobq@revolver> Date: Fri, 29 Sep 2023 13:34:14 -0400 From: "Liam R. Howlett" <Liam.Howlett@...cle.com> To: Kees Cook <keescook@...omium.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, Sebastian Ott <sebott@...hat.com>, Yu Zhao <yuzhao@...gle.com>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] mm: Fix vm_brk_flags() to not bail out while holding lock * Kees Cook <keescook@...omium.org> [230929 13:19]: > From: Sebastian Ott <sebott@...hat.com> > > Calling vm_brk_flags() with flags set other than VM_EXEC > will exit the function without releasing the mmap_write_lock. > > Just do the sanity check before the lock is acquired. This > doesn't fix an actual issue since no caller sets a flag other > than VM_EXEC. > > Cc: Andrew Morton <akpm@...ux-foundation.org> > Cc: Liam R. Howlett <Liam.Howlett@...cle.com> > Cc: Yu Zhao <yuzhao@...gle.com> > Cc: linux-mm@...ck.org > Fixes: 2e7ce7d354f2 ("mm/mmap: change do_brk_flags() to expand existing VMA and add do_brk_munmap()") > Signed-off-by: Sebastian Ott <sebott@...hat.com> > Signed-off-by: Kees Cook <keescook@...omium.org> Reviewed-by: Liam R. Howlett <Liam.Howlett@...cle.com> > --- > mm/mmap.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/mm/mmap.c b/mm/mmap.c > index 34d2337ace59..c8996fe847c9 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -3143,13 +3143,13 @@ int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags) > if (!len) > return 0; > > - if (mmap_write_lock_killable(mm)) > - return -EINTR; > - > /* Until we need other flags, refuse anything except VM_EXEC. */ > if ((flags & (~VM_EXEC)) != 0) > return -EINVAL; > > + if (mmap_write_lock_killable(mm)) > + return -EINTR; > + > ret = check_brk_limits(addr, len); > if (ret) > goto limits_failed; > -- > 2.34.1 >
Powered by blists - more mailing lists