| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Dec 2020 12:25:07 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Yu Zhao <yuzhao@...gle.com>
Cc: Peter Xu <peterx@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
linux-mm <linux-mm@...ck.org>,
lkml <linux-kernel@...r.kernel.org>,
Pavel Emelyanov <xemul@...nvz.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
stable <stable@...r.kernel.org>,
Minchan Kim <minchan@...nel.org>,
Andy Lutomirski <luto@...nel.org>,
Will Deacon <will@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Nadav Amit <nadav.amit@...il.com>
Subject: Re: [PATCH] mm/userfaultfd: fix memory corruption due to writeprotect
On Mon, Dec 21, 2020 at 12:21 PM Yu Zhao <yuzhao@...gle.com> wrote:
>
> Well, unfortunately we have places that use optimizations like
>
> inc_tlb_flush_pending()
> lock page table
> pte_wrprotect
> flush_tlb_range()
> dec_tlb_flush_pending()
>
> which complicate things.
My point is, none of that matters.
Because the software side that does the actual page table
modifications do not depend on the TLB at all.
They depend on the page table lock, and the pte in memory.
So the "pending flush" simply shoudln't be an issue. It's about the
actual hardware usage.
But what DOES matter for the software accesses is that you can't
modify protections without holding the proper lock.
And userfaultfd seems to do exactly that, breaking the whole "load pte
early, then check that it didn't change".
(Which we do in other places too, not just COW - it's basically _the_
pattern for page table updates).
Linus
Powered by blists - more mailing lists