| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200414163234.GG5100@ziepe.ca>
Date: Tue, 14 Apr 2020 13:32:34 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Alexander Gordeev <agordeev@...ux.ibm.com>
Cc: linux-kernel@...r.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
linux-mm@...ck.org
Subject: Re: [PATCH] mm/gup: dereference page table entry using helper
On Tue, Apr 14, 2020 at 05:10:01PM +0200, Alexander Gordeev wrote:
> Commit 0005d20 ("mm/gup: Move page table entry dereference
> into helper function") wrapped access to page table entries
> larger than sizeof(long) into a race-aware accessor. One of
> the two dereferences in gup_fast path was however overlooked.
>
> CC: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> CC: linux-mm@...ck.org
> Signed-off-by: Alexander Gordeev <agordeev@...ux.ibm.com>
> mm/gup.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/gup.c b/mm/gup.c
> index d53f7dd..eceb98b 100644
> +++ b/mm/gup.c
> @@ -2208,7 +2208,7 @@ static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
> if (!head)
> goto pte_unmap;
>
> - if (unlikely(pte_val(pte) != pte_val(*ptep))) {
> + if (unlikely(pte_val(pte) != pte_val(gup_get_pte(ptep)))) {
It doesn't seem like this needs the special helper as it is just
checking that the pte hasn't changed, it doesn't need to be read
exactly.
But it probably should technically still be a READ_ONCE. Although I
think the atomic inside try_grab_compound_head prevents any real
problems.
Jason
Powered by blists - more mailing lists