lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Dec 2020 21:08:55 -0800 From: Andy Lutomirski <luto@...nel.org> To: Andrea Arcangeli <aarcange@...hat.com> Cc: Andy Lutomirski <luto@...nel.org>, Nadav Amit <nadav.amit@...il.com>, Dave Hansen <dave.hansen@...el.com>, linux-mm <linux-mm@...ck.org>, Peter Xu <peterx@...hat.com>, lkml <linux-kernel@...r.kernel.org>, Pavel Emelyanov <xemul@...nvz.org>, Mike Kravetz <mike.kravetz@...cle.com>, Mike Rapoport <rppt@...ux.vnet.ibm.com>, stable <stable@...r.kernel.org>, Minchan Kim <minchan@...nel.org>, Yu Zhao <yuzhao@...gle.com>, Will Deacon <will@...nel.org>, Peter Zijlstra <peterz@...radead.org> Subject: Re: [PATCH] mm/userfaultfd: fix memory corruption due to writeprotect On Sat, Dec 19, 2020 at 6:49 PM Andrea Arcangeli <aarcange@...hat.com> wrote: > > On Sat, Dec 19, 2020 at 06:01:39PM -0800, Andy Lutomirski wrote: > > I missed the beginning of this thread, but it looks to me like > > userfaultfd changes PTEs with not locking except mmap_read_lock(). It > > There's no mmap_read_lock, I assume you mean mmap_lock for reading. Yes. > > The ptes are changed always with the PT lock, in fact there's no > problem with the PTE updates. The only difference with mprotect > runtime is that the mmap_lock is taken for reading. And the effect > contested for this change doesn't affect the PTE, but supposedly the > tlb flushing deferral. Can you point me at where the lock ends up being taken in this path? I apparently missed it somewhere. > Anyway to wait the wrprotect to do the deferred flush, before the > unprotect can even start, one more mutex in the mm to take in all > callers of change_protection_range with the mmap_lock for reading may > be enough. I'll read the code again tomorrow.
Powered by blists - more mailing lists