Message-Id: <20170207150249.GA6709@rapoport-lnx>
Date:   Tue, 7 Feb 2017 17:02:50 +0200
From:   Mike Rapoport <rppt@...ux.vnet.ibm.com>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Andrea Arcangeli <aarcange@...hat.com>,
        "Dr. David Alan Gilbert" <dgilbert@...hat.com>,
        Hillf Danton <hillf.zj@...baba-inc.com>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Pavel Emelyanov <xemul@...tuozzo.com>,
        Linux-MM <linux-mm@...ck.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: [PATCH] userfaultfd: mcopy_atomic: update cases returning -ENOENT

Hello Andrew,

The patch below is an incremental fixup for concerns Andrea raised at [1].
Please let me know if you prefer me to update the original patch and
resend.

[1] http://www.spinics.net/lists/linux-mm/msg121267.html

--
Sincerely yours,
Mike.

>From 8acff65ecee8ca4cc892d35b45125c34568d1c93 Mon Sep 17 00:00:00 2001
From: Mike Rapoport <rppt@...ux.vnet.ibm.com>
Date: Tue, 7 Feb 2017 11:50:17 +0200
Subject: [PATCH] userfaultfd: mcopy_atomic: update cases returning -ENOENT

As Andrea commented in [1], if the VMA covering the address was unmapped,
we may end up with a VMA way above the faulting address. In this case we
would like to return -ENOENT to allow uffd monitor detection of VMA
removal.

[1] http://www.spinics.net/lists/linux-mm/msg121267.html

Signed-off-by: Mike Rapoport <rppt@...ux.vnet.ibm.com>
---
 mm/userfaultfd.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
index b861cf9..cf43456 100644
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -206,6 +206,10 @@ static __always_inline ssize_t __mcopy_atomic_hugetlb(struct mm_struct *dst_mm,
 		if (!dst_vma->vm_userfaultfd_ctx.ctx)
 			goto out_unlock;
 
+		if (dst_start < dst_vma->vm_start ||
+		    dst_start + len > dst_vma->vm_end)
+			goto out_unlock;
+
 		err = -EINVAL;
 		if (vma_hpagesize != vma_kernel_pagesize(dst_vma))
 			goto out_unlock;
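
Review bot: the range check added above `err = -EINVAL` gets its return code only from its position, since it reuses whatever err was set to before this hunk's context, so a later reordering or a new check inserted ahead of it would silently change what the uffd monitor sees. Consider a one-line comment above the `if (dst_start < dst_vma->vm_start ||` test saying that it must stay before `err = -EINVAL` so that a range outside the VMA reports -ENOENT, or assign err explicitly right before the test.
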
@@ -216,9 +220,6 @@ static __always_inline ssize_t __mcopy_atomic_hugetlb(struct mm_struct *dst_mm,
 		 */
 		if (dst_vma->vm_flags & VM_SHARED)
 			goto out_unlock;
-		if (dst_start < dst_vma->vm_start ||
-		    dst_start + len > dst_vma->vm_end)
-			goto out_unlock;
 	}
 
 	if (WARN_ON(dst_addr & (vma_hpagesize - 1) ||
@@ -385,13 +386,14 @@ static __always_inline ssize_t __mcopy_atomic(struct mm_struct *dst_mm,
 	if (!dst_vma->vm_userfaultfd_ctx.ctx)
 		goto out_unlock;
 
-	err = -EINVAL;
-	if (!vma_is_shmem(dst_vma) && dst_vma->vm_flags & VM_SHARED)
-		goto out_unlock;
 	if (dst_start < dst_vma->vm_start ||
 	    dst_start + len > dst_vma->vm_end)
 		goto out_unlock;
 
+	err = -EINVAL;
+	if (!vma_is_shmem(dst_vma) && dst_vma->vm_flags & VM_SHARED)
+		goto out_unlock;
+
 	/*
 	 * If this is a HUGETLB vma, pass off to appropriate routine
 	 */
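
Review bot: with the range test moved ahead of `err = -EINVAL` in __mcopy_atomic, the `dst_start + len > dst_vma->vm_end` half of the condition now also takes the -ENOENT path, not only the `dst_start < dst_vma->vm_start` case the commit message describes (a VMA above the faulting address). A request that starts inside a valid VMA but runs past its end will look like VMA removal to the monitor instead of an invalid argument. If that is intended, please say so in the changelog; if not, split the condition so only the first half returns -ENOENT. As a minor style point on the moved line, parentheses around `dst_vma->vm_flags & VM_SHARED` would make the mix of `&&` and `&` easier to read.
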
-- 
1.9.1
