| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210506165229.320e950f@alex-virtual-machine>
Date: Thu, 6 May 2021 16:52:29 +0800
From: Aili Yao <yaoaili@...gsoft.com>
To: Michal Hocko <mhocko@...e.com>
CC: David Hildenbrand <david@...hat.com>,
<linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
"Michael S. Tsirkin" <mst@...hat.com>,
Jason Wang <jasowang@...hat.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Mike Rapoport <rppt@...nel.org>,
"Matthew Wilcox (Oracle)" <willy@...radead.org>,
Oscar Salvador <osalvador@...e.de>,
"Roman Gushchin" <guro@...com>,
Alex Shi <alex.shi@...ux.alibaba.com>,
Steven Price <steven.price@....com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Jiri Bohac <jbohac@...e.cz>,
"K. Y. Srinivasan" <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
"Wei Liu" <wei.liu@...nel.org>,
Naoya Horiguchi <naoya.horiguchi@....com>,
<linux-hyperv@...r.kernel.org>,
<virtualization@...ts.linux-foundation.org>,
<linux-fsdevel@...r.kernel.org>, <linux-mm@...ck.org>,
<yaoaili126@...il.com>
Subject: Re: [PATCH v1 3/7] mm: rename and move page_is_poisoned()
On Thu, 6 May 2021 09:55:51 +0200
Michal Hocko <mhocko@...e.com> wrote:
> On Thu 06-05-21 15:28:05, Aili Yao wrote:
> > On Thu, 6 May 2021 09:06:14 +0200
> > Michal Hocko <mhocko@...e.com> wrote:
> >
> > > On Thu 06-05-21 08:56:11, Aili Yao wrote:
> > > > On Wed, 5 May 2021 15:27:39 +0200
> > > > Michal Hocko <mhocko@...e.com> wrote:
> [...]
> > > > > I am not sure I follow. My point is that I fail to see any added value
> > > > > of the check as it doesn't prevent the race (it fundamentally cannot as
> > > > > the page can be poisoned at any time) but the failure path doesn't
> > > > > put_page which is incorrect even for hwpoison pages.
> > > >
> > > > Sorry, I have something to say:
> > > >
> > > > I have noticed the ref count leak in the previous topic ,but I don't think
> > > > it's a really matter. For memory recovery case for user pages, we will keep one
> > > > reference to the poison page so the error page will not be freed to buddy allocator.
> > > > which can be checked in memory_faulure() function.
> > >
> > > So what would happen if those pages are hwpoisoned from userspace rather
> > > than by HW. And repeatedly so?
> >
> > Sorry, I may be not totally understand what you mean.
> >
> > Do you mean hard page offline from mcelog?
>
> No I mean soft hwpoison from userspace (e.g. by MADV_HWPOISON but there
> are other interfaces AFAIK).
>
> And just to be explicit. All those interfaces are root only
> (CAP_SYS_ADMIN) so I am not really worried about any malitious abuse of
> the reference leak. I am mostly concerned that this is obviously broken
> without a good reason. The most trivial fix would have been to put_page
> in the return path but as I've mentioned in other email thread the fix
> really needs a deeper thought and consider other things.
>
> Hope that clarifies this some more.
Thanks, got it!
Yes, there are some test scenarios that should be covered.
But for test, the default SIGBUS handlers is usually replaced, and the test process
may not hit the coredump code.
Anyway, there is a ref leak in the normal enviorments and better to be fixed.
Thanks!
Aili Yao
Powered by blists - more mailing lists