lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Jun 2020 17:48:11 +0200
From:   Gerald Schaefer <gerald.schaefer@...ibm.com>
To:     Peter Xu <peterx@...hat.com>, linux-arch@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     linux-alpha@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-hexagon@...r.kernel.org, linux-ia64@...r.kernel.org,
        linux-m68k@...ts.linux-m68k.org, Michal Simek <monstr@...str.eu>,
        linux-mips@...r.kernel.org, Nick Hu <nickhu@...estech.com>,
        Ley Foon Tan <ley.foon.tan@...el.com>,
        openrisc@...ts.librecores.org, linux-parisc@...r.kernel.org,
        linux-riscv@...ts.infradead.org, linux-sh@...r.kernel.org,
        sparclinux@...r.kernel.org, linux-um@...ts.infradead.org,
        Guan Xuetao <gxt@....edu.cn>, linux-xtensa@...ux-xtensa.org,
        Heiko Carstens <heiko.carstens@...ibm.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrea Arcangeli <aarcange@...hat.com>
Subject: Possible duplicate page fault accounting on some archs after commit
 4064b9827063

Hi,

Some architectures have their page fault accounting code inside the fault
retry loop, and rely on only going through that code once. Before commit
4064b9827063 ("mm: allow VM_FAULT_RETRY for multiple times"), that was
ensured by testing for and clearing FAULT_FLAG_ALLOW_RETRY.

That commit had to remove the clearing of FAULT_FLAG_ALLOW_RETRY for all
architectures, and introduced a subtle change to page fault accounting
logic in the affected archs. It is now possible to go through the retry
loop multiple times, and the affected archs would then account multiple
page faults instead of just one.

This was found by coincidence in s390 code, and a quick check showed that
there are quite a lot of other architectures that seem to be affected in a
similar way. I'm preparing a fix for s390, by moving the accounting behind
the retry loop, similar to x86. It is not completely straight-forward, so
I leave the fix for other archs to the respective maintainers.

Added the lists for possibly affected archs on cc, but no guarantee for
completeness.

Regards,
Gerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ