lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191015121253.GH317@dhcp22.suse.cz>
Date:   Tue, 15 Oct 2019 14:12:53 +0200
From:   Michal Hocko <mhocko@...nel.org>
To:     David Hildenbrand <david@...hat.com>
Cc:     linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        stable@...r.kernel.org,
        Anshuman Khandual <anshuman.khandual@....com>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH v1] hugetlbfs: don't access uninitialized memmaps in
 pfn_range_valid_gigantic()

On Tue 15-10-19 14:07:17, David Hildenbrand wrote:
> Uninitialized memmaps contain garbage and in the worst case trigger
> kernel BUGs, especially with CONFIG_PAGE_POISONING. They should not get
> touched.
> 
> Let's make sure that we only consider online memory (managed by the
> buddy) that has initialized memmaps. ZONE_DEVICE is not applicable.
> 
> page_zone() will call page_to_nid(), which will trigger
> VM_BUG_ON_PGFLAGS(PagePoisoned(page), page) with CONFIG_PAGE_POISONING
> and CONFIG_DEBUG_VM_PGFLAGS when called on uninitialized memmaps. This
> can be the case when an offline memory block (e.g., never onlined) is
> spanned by a zone.
> 
> Note: As explained by Michal in [1], alloc_contig_range() will verify
> the range. So it boils down to the wrong access in this function.
> 
> [1] http://lkml.kernel.org/r/20180423000943.GO17484@dhcp22.suse.cz
> 
> Reported-by: Michal Hocko <mhocko@...nel.org>
> Fixes: f1dd2cd13c4b ("mm, memory_hotplug: do not associate hotadded memory to zones until online") # visible after d0dc12e86b319
> Cc: stable@...r.kernel.org # v4.13+
> Cc: Anshuman Khandual <anshuman.khandual@....com>
> Cc: Mike Kravetz <mike.kravetz@...cle.com>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Michal Hocko <mhocko@...nel.org>
> Signed-off-by: David Hildenbrand <david@...hat.com>

Acked-by: Michal Hocko <mhocko@...e.com>

Thanks!
> ---
>  mm/hugetlb.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index ef37c85423a5..b45a95363a84 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -1084,11 +1084,10 @@ static bool pfn_range_valid_gigantic(struct zone *z,
>  	struct page *page;
>  
>  	for (i = start_pfn; i < end_pfn; i++) {
> -		if (!pfn_valid(i))
> +		page = pfn_to_online_page(i);
> +		if (!page)
>  			return false;
>  
> -		page = pfn_to_page(i);
> -
>  		if (page_zone(page) != z)
>  			return false;
>  
> -- 
> 2.21.0

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ