lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+55aFzv-z0njtAnpgOsVES70+igwV7HCteQbQ6M6uTsYvn5WQ@mail.gmail.com>
Date:	Thu, 7 Jun 2012 10:46:44 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Andrea Arcangeli <aarcange@...hat.com>
Cc:	Josh Boyer <jwboyer@...il.com>,
	Greg KH <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org,
	akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk,
	Ulrich Obergfell <uobergfe@...hat.com>,
	Mel Gorman <mgorman@...e.de>, Hugh Dickins <hughd@...gle.com>,
	Larry Woodman <lwoodman@...hat.com>,
	Petr Matousek <pmatouse@...hat.com>,
	Rik van Riel <riel@...hat.com>
Subject: Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
 pmd_populate SMP race condition

On Thu, Jun 7, 2012 at 7:42 AM, Andrea Arcangeli <aarcange@...hat.com> wrote:
>
> From the oops it looks like atomic64_read trips on a dangling pmdp
> pointer, but if the problem doesn't happen with Xen then the pointer
> value shouldn't be the problem, and in turn the lock cmpxchg8b used to
> access the pointer is likely the problem.

So I assume that Xen just turns the page tables read-only in order to
track them, and then assumes that nobody modifies them in the
particular section. And the cmpxchg64 looks like a modification, even
if we only use it to read things.

Andrea, do we have any guarantees like "once it has turned into a
regular page table, we won't see it turn back if we hold the mmap
sem"? Or anything like that? Because it is possible that we could do
this entirely with some ordering guarantee - something like the
attached patch?

Totally untested, of course.

                         Linus

Download attachment "patch.diff" of type "application/octet-stream" (1732 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ