| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Mar 2022 13:31:55 -0400
From: Paolo Bonzini <pbonzini@...hat.com>
To: linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: seanjc@...gle.com,
syzbot+6bde52d89cfdf9f61425@...kaller.appspotmail.com,
linux-mm@...ck.org, akpm@...ux-foundation.org,
stable@...r.kernel.org
Subject: [PATCH] mm: avoid pointless invalidate_range_start/end on mremap(old_size=0)
If an mremap() syscall with old_size=0 ends up in move_page_tables(),
it will call invalidate_range_start()/invalidate_range_end() unnecessarily,
i.e. with an empty range.
This causes a WARN in KVM's mmu_notifier. In the past, empty ranges
have been diagnosed to be off-by-one bugs, hence the WARNing.
Given the low (so far) number of unique reports, the benefits of
detecting more buggy callers seem to outweigh the cost of having
to fix cases such as this one, where userspace is doing something
silly. In this particular case, an early return from move_page_tables()
is enough to fix the issue.
Reported-by: syzbot+6bde52d89cfdf9f61425@...kaller.appspotmail.com
Cc: linux-mm@...ck.org
Cc: akpm@...ux-foundation.org
Cc: stable@...r.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
---
mm/mremap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mm/mremap.c b/mm/mremap.c
index 002eec83e91e..0e175aef536e 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -486,6 +486,9 @@ unsigned long move_page_tables(struct vm_area_struct *vma,
pmd_t *old_pmd, *new_pmd;
pud_t *old_pud, *new_pud;
+ if (!len)
+ return 0;
+
old_end = old_addr + len;
flush_cache_range(vma, old_addr, old_end);
--
2.31.1
Powered by blists - more mailing lists