Date:   Wed, 26 May 2021 14:27:52 +0300
From:   Anatoly Pugachev <matorola@...il.com>
To:     Gerald Schaefer <gerald.schaefer@...ux.ibm.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Anshuman Khandual <anshuman.khandual@....com>,
        linux-mm <linux-mm@...ck.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-arch <linux-arch@...r.kernel.org>,
        linux-sparc <sparclinux@...r.kernel.org>,
        linux-s390 <linux-s390@...r.kernel.org>, stable@...r.kernel.org
Subject: Re: [PATCH 1/1] mm/debug_vm_pgtable: fix alignment for pmd/pud_advanced_tests()

On Tue, May 25, 2021 at 4:03 PM Gerald Schaefer
<gerald.schaefer@...ux.ibm.com> wrote:
>
> In pmd/pud_advanced_tests(), the vaddr is aligned up to the next pmd/pud
> entry, and so it does not match the given pmdp/pudp and (aligned down) pfn
> any more.
>
> For s390, this results in memory corruption, because the IDTE instruction
> used e.g. in xxx_get_and_clear() will take the vaddr for some calculations,
> in combination with the given pmdp. It will then end up with a wrong table
> origin, ending on ...ff8, and some of those wrongly set low-order bits will
> also select a wrong pagetable level for the index addition. IDTE could
> therefore invalidate (or 0x20) something outside of the page tables,
> depending on the wrongly picked index, which in turn depends on the random
> vaddr.
>
> As a result, we sometimes see "BUG task_struct (Not tainted): Padding
> overwritten" on s390, where one 0x5a padding value got overwritten with
> 0x7a.
>
> Fix this by aligning down, similar to how the pmd/pud_aligned pfns are
> calculated.
>
> Fixes: a5c3b9ffb0f40 ("mm/debug_vm_pgtable: add tests validating advanced arch page table helpers")
> Cc: <stable@...r.kernel.org> # v5.9+
> Signed-off-by: Gerald Schaefer <gerald.schaefer@...ux.ibm.com>

Boot tested on sparc64 with a quick run of stress-ng ( --class memory --sequential -1 --timeout 10s -v --pathological --oomable --metrics-brief )

stress-ng: debug: [371408] system: Linux ttip 5.13.0-rc3-00043-gad9f25d33860-dirty #218 SMP Wed May 26 11:55:54 MSK 2021 sparc64

Tested-by: Anatoly Pugachev <matorola@...il.com>
