Date:   Fri, 28 Jun 2019 10:51:06 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Doug Berger <opendmb@...il.com>,
        linux-arm-kernel@...ts.infradead.org
Cc:     Russell King <linux@...linux.org.uk>,
        Laura Abbott <labbott@...hat.com>,
        Mike Rapoport <rppt@...ux.ibm.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Rob Herring <robh@...nel.org>,
        "Steven Rostedt (VMware)" <rostedt@...dmis.org>,
        Peng Fan <peng.fan@....com>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

On 6/27/19 2:32 PM, Doug Berger wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
> 
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.

This looks like an appropriate fix to me. For what it is worth, we were
able to reproduce this problem with a 4.9 kernel with:

CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"

It is made much more reliable with a lower default loglevel (e.g.: 1)
than the default log level, but if you have e.g.: a USB thumb drive
that needs to be scanned by the SCSI layer, then this is 100% reliable.

> 
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@...il.com>
> ---
>  arch/arm/mm/init.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
> index be0b42937888..bdc70dff477b 100644
> --- a/arch/arm/mm/init.c
> +++ b/arch/arm/mm/init.c
> @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
>  		if (t->flags & PF_KTHREAD)
>  			continue;
>  		for_each_thread(t, s)
> -			set_section_perms(perms, n, true, s->mm);
> +			if (s->mm)
> +				set_section_perms(perms, n, true, s->mm);
>  	}
>  	set_section_perms(perms, n, true, current->active_mm);
>  	set_section_perms(perms, n, true, &init_mm);
> 
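Review bot: In the for_each_thread() loop, s->mm is read once for the NULL test and again as the argument to set_section_perms(), and the commit message says no task_lock is taken around the check. Nothing in the code says why the pointer cannot become NULL between those two reads; the justification exists only as a reference to commit 11ce4b33aedc in the changelog. A short comment above `if (s->mm)` stating that reasoning, or loading s->mm once into a local variable and both testing and passing that local, would make the check safe on its face. As a minor style point, the for_each_thread() body now spans two lines, so braces around it would make the nesting under the outer loop easier to read.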


-- 
Florian
