lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 4 Mar 2021 09:01:22 +0530
From:   Anshuman Khandual <anshuman.khandual@....com>
To:     Will Deacon <will@...nel.org>,
        Catalin Marinas <catalin.marinas@....com>
Cc:     David Hildenbrand <david@...hat.com>,
        Mark Rutland <mark.rutland@....com>,
        linux-kernel@...r.kernel.org, Mike Rapoport <rppt@...ux.ibm.com>,
        linux-mm@...ck.org,
        Jérôme Glisse <jglisse@...hat.com>,
        James Morse <james.morse@....com>,
        Dan Williams <dan.j.williams@...el.com>,
        Robin Murphy <robin.murphy@....com>,
        Ard Biesheuvel <ardb@...nel.org>,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH V2 1/2] arm64/mm: Fix pfn_valid() for ZONE_DEVICE based
 memory



On 3/4/21 2:54 AM, Will Deacon wrote:
> On Wed, Mar 03, 2021 at 07:04:33PM +0000, Catalin Marinas wrote:
>> On Thu, Feb 11, 2021 at 01:35:56PM +0100, David Hildenbrand wrote:
>>> On 11.02.21 13:10, Anshuman Khandual wrote:
>>>> On 2/11/21 5:23 PM, Will Deacon wrote:
>>>>> ... and dropped. These patches appear to be responsible for a boot
>>>>> regression reported by CKI:
>>>>
>>>> Ahh, boot regression ? These patches only change the behaviour
>>>> for non boot memory only.
>>>>
>>>>> https://lore.kernel.org/r/cki.8D1CB60FEC.K6NJMEFQPV@redhat.com
>>>>
>>>> Will look into the logs and see if there is something pointing to
>>>> the problem.
>>>
>>> It's strange. One thing I can imagine is a mis-detection of early sections.
>>> However, I don't see that happening:
>>>
>>> In sparse_init_nid(), we:
>>> 1. Initialize the memmap
>>> 2. Set SECTION_IS_EARLY | SECTION_HAS_MEM_MAP via
>>>    sparse_init_one_section()
>>>
>>> Only hotplugged sections (DIMMs, dax/kmem) set SECTION_HAS_MEM_MAP without
>>> SECTION_IS_EARLY - which is correct, because these are not early.
>>>
>>> So once we know that we have valid_section() -- SECTION_HAS_MEM_MAP is set
>>> -- early_section() should be correct.
>>>
>>> Even if someone would be doing a pfn_valid() after
>>> memblocks_present()->memory_present() but before
>>> sparse_init_nid(), we should be fine (!valid_section() -> return 0).
>>
>> I couldn't figure out how this could fail with Anshuman's patches.
>> Will's suspicion is that some invalid/null pointer gets dereferenced
>> before being initialised but the only case I see is somewhere in
>> pfn_section_valid() (ms->usage) if valid_section() && !early_section().
>>
>> Assuming that we do get a valid_section(ms) && !early_section(ms), is
>> there a case where ms->usage is not initialised? I guess races with
>> section_deactivate() are not possible this early.
>>
>> Another situation could be that pfn_valid() returns true when no memory
>> is mapped for that pfn.
> 
> The case I wondered about was __pfn_to_section() with a bogus pfn, since
> with patch 2/2 we call that *before* checking that pfn_to_section_nr() is
> sane.

Right, that is problematic. __pfn_to_section() should not be called without
first validating pfn_to_section_nr(), as it could cause out-of-bound access
on mem_section buffer. Will fix that order but as there is no test scenario
which is definitive for this reported regression, how should we ensure that
it fixes the problem ?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ