lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210303212406.GB20055@willie-the-truck>
Date:   Wed, 3 Mar 2021 21:24:07 +0000
From:   Will Deacon <will@...nel.org>
To:     Catalin Marinas <catalin.marinas@....com>
Cc:     David Hildenbrand <david@...hat.com>,
        Anshuman Khandual <anshuman.khandual@....com>,
        Mark Rutland <mark.rutland@....com>,
        linux-kernel@...r.kernel.org, Mike Rapoport <rppt@...ux.ibm.com>,
        linux-mm@...ck.org,
        Jérôme Glisse <jglisse@...hat.com>,
        James Morse <james.morse@....com>,
        Dan Williams <dan.j.williams@...el.com>,
        Robin Murphy <robin.murphy@....com>,
        Ard Biesheuvel <ardb@...nel.org>,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH V2 1/2] arm64/mm: Fix pfn_valid() for ZONE_DEVICE based
 memory

On Wed, Mar 03, 2021 at 07:04:33PM +0000, Catalin Marinas wrote:
> On Thu, Feb 11, 2021 at 01:35:56PM +0100, David Hildenbrand wrote:
> > On 11.02.21 13:10, Anshuman Khandual wrote:
> > > On 2/11/21 5:23 PM, Will Deacon wrote:
> > > > ... and dropped. These patches appear to be responsible for a boot
> > > > regression reported by CKI:
> > > 
> > > Ahh, boot regression ? These patches only change the behaviour
> > > for non boot memory only.
> > > 
> > > > https://lore.kernel.org/r/cki.8D1CB60FEC.K6NJMEFQPV@redhat.com
> > > 
> > > Will look into the logs and see if there is something pointing to
> > > the problem.
> > 
> > It's strange. One thing I can imagine is a mis-detection of early sections.
> > However, I don't see that happening:
> > 
> > In sparse_init_nid(), we:
> > 1. Initialize the memmap
> > 2. Set SECTION_IS_EARLY | SECTION_HAS_MEM_MAP via
> >    sparse_init_one_section()
> > 
> > Only hotplugged sections (DIMMs, dax/kmem) set SECTION_HAS_MEM_MAP without
> > SECTION_IS_EARLY - which is correct, because these are not early.
> > 
> > So once we know that we have valid_section() -- SECTION_HAS_MEM_MAP is set
> > -- early_section() should be correct.
> > 
> > Even if someone would be doing a pfn_valid() after
> > memblocks_present()->memory_present() but before
> > sparse_init_nid(), we should be fine (!valid_section() -> return 0).
> 
> I couldn't figure out how this could fail with Anshuman's patches.
> Will's suspicion is that some invalid/null pointer gets dereferenced
> before being initialised but the only case I see is somewhere in
> pfn_section_valid() (ms->usage) if valid_section() && !early_section().
> 
> Assuming that we do get a valid_section(ms) && !early_section(ms), is
> there a case where ms->usage is not initialised? I guess races with
> section_deactivate() are not possible this early.
> 
> Another situation could be that pfn_valid() returns true when no memory
> is mapped for that pfn.

The case I wondered about was __pfn_to_section() with a bogus pfn, since
with patch 2/2 we call that *before* checking that pfn_to_section_nr() is
sane.

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ