lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20111012222454.GA3218@redhat.com>
Date:	Thu, 13 Oct 2011 00:24:54 +0200
From:	Andrea Arcangeli <aarcange@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Hillf Danton <dhillf@...il.com>,
	LKML <linux-kernel@...r.kernel.org>, linux-mm@...ck.org
Subject: Re: [PATCH] mm/huge_memory: Clean up typo when copying user highpage

On Wed, Oct 12, 2011 at 01:42:24PM -0700, Andrew Morton wrote:
> On Wed, 12 Oct 2011 19:51:48 +0200
> Andrea Arcangeli <aarcange@...hat.com> wrote:
> 
> > On Wed, Oct 12, 2011 at 10:39:36PM +0800, Hillf Danton wrote:
> > > Hi Andrea
> > > 
> > > When copying user highpage, the PAGE_SHIFT in the third parameter is a typo,
> > > I think, and is replaced with PAGE_SIZE.
> > 
> > That looks correct. I wonder how it was not noticed yet. Because it
> > can't go out of bound, it didn't risk to crash the kernel and it didn't
> > not risk to expose random data to the cowing task. So it shouldn't
> > have security implications as far as I can tell, but the app could
> > malfunction and crash (userland corruption only).
> 
> Which architectures care about the copy_user_page() `vaddr' argument? 
> mips, perhaps?  I suspect the intersection between those architectures
> and archs-which-implement-hugepages is the empty set.

Yes it's not happening. debug_cow was specifically meant to trap this
very case so there was little chance it could go unnoticed.

Never mind.... still the patch is correct and good idea to apply as cleanup.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ