lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Nov 2019 03:58:44 +0000 From: Song Liu <songliubraving@...com> To: Andrew Morton <akpm@...ux-foundation.org> CC: open list <linux-kernel@...r.kernel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, "matthew.wilcox@...cle.com" <matthew.wilcox@...cle.com>, Kernel Team <Kernel-team@...com>, "william.kucharski@...cle.com" <william.kucharski@...cle.com>, "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>, "Johannes Weiner" <hannes@...xchg.org>, Hugh Dickins <hughd@...gle.com> Subject: Re: [PATCH v5 1/2] mm,thp: recheck each page before collapsing file THP > On Nov 7, 2019, at 7:53 PM, Andrew Morton <akpm@...ux-foundation.org> wrote: > > On Tue, 5 Nov 2019 22:09:29 -0800 Song Liu <songliubraving@...com> wrote: > >> In collapse_file(), for !is_shmem case, current check cannot guarantee >> the locked page is up-to-date. Specifically, xas_unlock_irq() should >> not be called before lock_page() and get_page(); and it is necessary to >> recheck PageUptodate() after locking the page. >> >> With this bug and CONFIG_READ_ONLY_THP_FOR_FS=y, madvise(HUGE)'ed .text >> may contain corrupted data. This is because khugepaged mistakenly >> collapses some not up-to-date sub pages into a huge page, and assumes >> the huge page is up-to-date. This will NOT corrupt data in the disk, >> because the page is read-only and never written back. Fix this by >> properly checking PageUptodate() after locking the page. This check >> replaces "VM_BUG_ON_PAGE(!PageUptodate(page), page);". >> >> Also, move PageDirty() check after locking the page. Current >> khugepaged should not try to collapse dirty file THP, because it is >> limited to read-only .text. The only case we hit a dirty page here is >> when the page hasn't been written since write. Bail out and retry when >> this happens. > > Incorrect data is pretty serious. Should we backport this into -stable > kernels? > > (I suspect I already asked this in response to earier versions, sorry ;)) This is new feature (and new bug :( ) in 5.4. So no need to back port. Thanks, Song
Powered by blists - more mailing lists