lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 6 May 2020 21:06:37 -0400
From:   Joel Fernandes <joel@...lfernandes.org>
To:     Brian Geffon <bgeffon@...gle.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        "Michael S . Tsirkin" <mst@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-mm <linux-mm@...ck.org>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Sonny Rao <sonnyrao@...gle.com>,
        Minchan Kim <minchan@...nel.org>,
        "Kirill A . Shutemov" <kirill@...temov.name>
Subject: Re: [PATCH] userfaultfd: fix remap event with MREMAP_DONTUNMAP.

On Wed, May 6, 2020 at 1:22 PM Brian Geffon <bgeffon@...gle.com> wrote:
>
> A user is not required to set a new address when using
> MREMAP_DONTUNMAP as it can be used without MREMAP_FIXED.
> When doing so the remap event will use new_addr which may not
> have been set and we didn't propagate it back other then
> in the return value of remap_to.
>
> Because ret is always the new address it's probably more
> correct to use it rather than new_addr on the remap_event_complete
> call, and it resolves this bug.
>
> Signed-off-by: Brian Geffon <bgeffon@...gle.com>
> ---
>  mm/mremap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/mremap.c b/mm/mremap.c
> index c881abeba0bf..6aa6ea605068 100644
> --- a/mm/mremap.c
> +++ b/mm/mremap.c
> @@ -794,7 +794,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
>         if (locked && new_len > old_len)
>                 mm_populate(new_addr + old_len, new_len - old_len);
>         userfaultfd_unmap_complete(mm, &uf_unmap_early);
> -       mremap_userfaultfd_complete(&uf, addr, new_addr, old_len);
> +       mremap_userfaultfd_complete(&uf, addr, ret, old_len);

Not super familiar with this code, but thought I'd ask, does ret need
to be checked for -ENOMEM before calling mremap_userfaultfd_complete?
Sorry if I missed something.

Thanks,

 - Joel

>         userfaultfd_unmap_complete(mm, &uf_unmap);
>         return ret;
>  }
> --
> 2.26.2.526.g744177e7f7-goog
>

Powered by blists - more mailing lists