| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <45323ea0-2a50-8891-830e-e1f8a8ed23ea@citrix.com>
Date: Tue, 12 Mar 2019 17:24:43 +0000
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: David Hildenbrand <david@...hat.com>,
Matthew Wilcox <willy@...radead.org>,
Julien Grall <julien.grall@....com>
CC: Juergen Gross <jgross@...e.com>, <k.khlebnikov@...sung.com>,
Stefano Stabellini <sstabellini@...nel.org>,
Kees Cook <keescook@...omium.org>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
"VMware, Inc." <pv-drivers@...are.com>,
osstest service owner <osstest-admin@...project.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
<linux-mm@...ck.org>, Julien Freche <jfreche@...are.com>,
Nadav Amit <namit@...are.com>,
<xen-devel@...ts.xenproject.org>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>
Subject: Re: [Xen-devel] xen: Can't insert balloon page into VM userspace (WAS
Re: [linux-linus bisection] complete test-arm64-arm64-xl-xsm)
On 12/03/2019 17:18, David Hildenbrand wrote:
> On 12.03.19 18:14, Matthew Wilcox wrote:
>> On Tue, Mar 12, 2019 at 05:05:39PM +0000, Julien Grall wrote:
>>> On 3/12/19 3:59 PM, Julien Grall wrote:
>>>> It looks like all the arm test for linus [1] and next [2] tree
>>>> are now failing. x86 seems to be mostly ok.
>>>>
>>>> The bisector fingered the following commit:
>>>>
>>>> commit 0ee930e6cafa048c1925893d0ca89918b2814f2c
>>>> Author: Matthew Wilcox <willy@...radead.org>
>>>> Date: Tue Mar 5 15:46:06 2019 -0800
>>>>
>>>> mm/memory.c: prevent mapping typed pages to userspace
>>>> Pages which use page_type must never be mapped to userspace as it would
>>>> destroy their page type. Add an explicit check for this instead of
>>>> assuming that kernel drivers always get this right.
>> Oh good, it found a real problem.
>>
>>> It turns out the problem is because the balloon driver will call
>>> __SetPageOffline() on allocated page. Therefore the page has a type and
>>> vm_insert_pages will deny the insertion.
>>>
>>> My knowledge is quite limited in this area. So I am not sure how we can
>>> solve the problem.
>>>
>>> I would appreciate if someone could provide input of to fix the mapping.
>> I don't know the balloon driver, so I don't know why it was doing this,
>> but what it was doing was Wrong and has been since 2014 with:
>>
>> commit d6d86c0a7f8ddc5b38cf089222cb1d9540762dc2
>> Author: Konstantin Khlebnikov <k.khlebnikov@...sung.com>
>> Date: Thu Oct 9 15:29:27 2014 -0700
>>
>> mm/balloon_compaction: redesign ballooned pages management
>>
>> If ballooned pages are supposed to be mapped into userspace, you can't mark
>> them as ballooned pages using the mapcount field.
>>
> Asking myself why anybody would want to map balloon inflated pages into
> user space (this just sounds plain wrong but my understanding to what
> XEN balloon driver does might be limited), but I assume the easy fix
> would be to revert
I suspect the bug here is that the balloon driver is (ab)used for a
second purpose - to create a hole in pfn space to map some other bits of
shared memory into.
I think at the end of the day, what is needed is a struct page_info
which looks like normal RAM, but the backing for which can be altered by
hypercall to map other things.
~Andrew
Powered by blists - more mailing lists