lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200124144643.GV29276@dhcp22.suse.cz>
Date:   Fri, 24 Jan 2020 15:46:43 +0100
From:   Michal Hocko <mhocko@...nel.org>
To:     Wei Yang <richardw.yang@...ux.intel.com>
Cc:     akpm@...ux-foundation.org, yang.shi@...ux.alibaba.com,
        jhubbard@...dia.com, vbabka@...e.cz, cl@...ux.com,
        linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [Patch v2] mm/migrate.c: also overwrite error when it is bigger
 than zero

On Fri 24-01-20 22:15:38, Wei Yang wrote:
> On Fri, Jan 24, 2020 at 08:21:27AM +0100, Michal Hocko wrote:
> >[Sorry I have missed this patch previously]
> >
> 
> No problem, thanks for your comment.
> 
> >On Sun 19-01-20 14:57:53, Wei Yang wrote:
> >> If we get here after successfully adding page to list, err would be
> >> 1 to indicate the page is queued in the list.
> >> 
> >> Current code has two problems:
> >> 
> >>   * on success, 0 is not returned
> >>   * on error, if add_page_for_migratioin() return 1, and the following err1
> >>     from do_move_pages_to_node() is set, the err1 is not returned since err
> >>     is 1
> >
> >This made my really scratch my head to grasp. So essentially err > 0
> >will happen when we reach the end of the loop and rely on the
> >out_flush flushing to migrate the batch. Then err contains the
> >add_page_for_migratioin return value. And that would leak to the
> >userspace.
> >
> >What would you say about the following wording instead?
> >"
> >out_flush part of do_pages_move is responsible for migrating the last
> >batch that accumulated while processing the input in the loop.
> >do_move_pages_to_node return value is supposed to override any
> >preexisting error (e.g. when the user input is garbage) but the current
> 
> I am afraid I have a different understanding here.
> 
> If we jump to out_flush on the test of node_isset(), err is -EACCESS. Current
> logic would return this instead of the error from do_move_pages_to_node().
> Seems we don't override -EACCESS.

And this is the expected logic. The unexpected behavior is the one you
have fixed by this patch because err = 1 wouldn't get overriden and that
should have been.
-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ