| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220401072926.45051-1-linmiaohe@huawei.com>
Date: Fri, 1 Apr 2022 15:29:26 +0800
From: Miaohe Lin <linmiaohe@...wei.com>
To: <akpm@...ux-foundation.org>
CC: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
<linmiaohe@...wei.com>
Subject: [PATCH] mm/swapfile: unuse_pte can map random data if swap read fails
There is a bug in unuse_pte(): when swap page happens to be unreadable,
page filled with random data is mapped into user address space. The fix
is to check for PageUptodate and fail swapoff in case of error.
Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
---
mm/swapfile.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/mm/swapfile.c b/mm/swapfile.c
index 63c61f8b2611..e72a35de7a0f 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -1795,6 +1795,10 @@ static int unuse_pte(struct vm_area_struct *vma, pmd_t *pmd,
ret = 0;
goto out;
}
+ if (unlikely(!PageUptodate(page))) {
+ ret = -EIO;
+ goto out;
+ }
dec_mm_counter(vma->vm_mm, MM_SWAPENTS);
inc_mm_counter(vma->vm_mm, MM_ANONPAGES);
--
2.23.0
Powered by blists - more mailing lists