lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Jun 2019 10:51:06 -0700 From: Florian Fainelli <f.fainelli@...il.com> To: Doug Berger <opendmb@...il.com>, linux-arm-kernel@...ts.infradead.org Cc: Russell King <linux@...linux.org.uk>, Laura Abbott <labbott@...hat.com>, Mike Rapoport <rppt@...ux.ibm.com>, Andrew Morton <akpm@...ux-foundation.org>, Rob Herring <robh@...nel.org>, "Steven Rostedt (VMware)" <rostedt@...dmis.org>, Peng Fan <peng.fan@....com>, Geert Uytterhoeven <geert@...ux-m68k.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] ARM: mm: only adjust sections of valid mm structures On 6/27/19 2:32 PM, Doug Berger wrote: > A timing hazard exists when an early fork/exec thread begins > exiting and sets its mm pointer to NULL while a separate core > tries to update the section information. > > This commit ensures that the mm pointer is not NULL before > setting its section parameters. The arguments provided by > commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking > from update_sections_early()") are equally valid for not > requiring grabbing the task_lock around this check. This looks like an appropriate fix to me. For what it is worth, we were able to reproduce this problem with a 4.9 kernel with: CONFIG_UEVENT_HELPER=y CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" It is made much more reliable with a lower default loglevel (e.g.: 1) than the default log level, but if you have e.g.: an USB thumb drive that needs to be scanned by the SCSI layer, then this is 100% reliable. > > Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments") > Signed-off-by: Doug Berger <opendmb@...il.com> > --- > arch/arm/mm/init.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c > index be0b42937888..bdc70dff477b 100644 > --- a/arch/arm/mm/init.c > +++ b/arch/arm/mm/init.c > @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n) > if (t->flags & PF_KTHREAD) > continue; > for_each_thread(t, s) > - set_section_perms(perms, n, true, s->mm); > + if (s->mm) > + set_section_perms(perms, n, true, s->mm); > } > set_section_perms(perms, n, true, current->active_mm); > set_section_perms(perms, n, true, &init_mm); > -- Florian
Powered by blists - more mailing lists