| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jun 2012 10:46:44 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Andrea Arcangeli <aarcange@...hat.com>
Cc: Josh Boyer <jwboyer@...il.com>,
Greg KH <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk,
Ulrich Obergfell <uobergfe@...hat.com>,
Mel Gorman <mgorman@...e.de>, Hugh Dickins <hughd@...gle.com>,
Larry Woodman <lwoodman@...hat.com>,
Petr Matousek <pmatouse@...hat.com>,
Rik van Riel <riel@...hat.com>
Subject: Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
pmd_populate SMP race condition
On Thu, Jun 7, 2012 at 7:42 AM, Andrea Arcangeli <aarcange@...hat.com> wrote:
>
> From the oops it looks like atomic64_read trips on a dangling pmdp
> pointer, but if the problem doesn't happen with Xen then the pointer
> value shouldn't be the problem, and in turn the lock cmpxchg8b used to
> access the pointer is likely the problem.
So I assume that Xen just turns the page tables read-only in order to
track them, and then assumes that nobody modifies them in the
particular section. And the cmpxchg64 looks like a modification, even
if we only use it to read things.
Andrea, do we have any guarantees like "once it has turned into a
regular page table, we won't see it turn back if we hold the mmap
sem"? Or anything like that? Because it is possible that we could do
this entirely with some ordering guarantee - something like the
attached patch?
Totally untested, of course.
Linus
Download attachment "patch.diff" of type "application/octet-stream" (1732 bytes)
Powered by blists - more mailing lists