lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Jul 2021 11:56:55 -0400
From:   Peter Xu <peterx@...hat.com>
To:     stable@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org
Cc:     Igor Raits <igor@...ddata.com>, peterx@...hat.com,
        Hillf Danton <hdanton@...a.com>,
        Axel Rasmussen <axelrasmussen@...gle.com>,
        Hugh Dickins <hughd@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH stable 5.10.y 0/2] mm/thp: Fix uffd-wp with fork(); crash on pmd migration entry on fork

In summary, this series should be needed for 5.10/5.12/5.13. This is the 5.10.y
backport of the series.  Patch 1 is a dependency of patch 2, while patch 2
should be the real fix.

There's a minor conflict on patch 2 when cherry pick due to not having the new
helper called page_needs_cow_for_dma().  It's also mentioned at the entry of
patch 2.

This series should be able to fix a rare race that mentioned in thread:

https://lore.kernel.org/linux-mm/796cbb7-5a1c-1ba0-dde5-479aba8224f2@google.com/

This fact wasn't discovered when the fix got proposed and merged, because the
fix was originally about uffd-wp and its fork event.  However it turns out that
the problematic commit b569a1760782f3d is also causing crashing on fork() of
pmd migration entries which is even more severe than the original uffd-wp
problem.

Stable kernels at least on 5.12.y has the crash reproduced, and it's possible
5.13.y and 5.10.y could hit it due to having the problematic commit
b569a1760782f3d but lacking of the uffd-wp fix patch (8f34f1eac382, which is
also patch 2 of this series).

The pmd entry crash problem was reported by Igor Raits <igor@...ddata.com> and
debugged by Hugh Dickins <hughd@...gle.com>.

Please review, thanks.

Peter Xu (2):
  mm/thp: simplify copying of huge zero page pmd when fork
  mm/userfaultfd: fix uffd-wp special cases for fork()

 include/linux/huge_mm.h |  2 +-
 include/linux/swapops.h |  2 ++
 mm/huge_memory.c        | 36 +++++++++++++++++-------------------
 mm/memory.c             | 25 +++++++++++++------------
 4 files changed, 33 insertions(+), 32 deletions(-)

-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ