| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Apr 2022 13:05:18 +0200
From: David Sterba <dsterba@...e.cz>
To: Catalin Marinas <catalin.marinas@....com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Andreas Gruenbacher <agruenba@...hat.com>,
Josef Bacik <josef@...icpanda.com>,
Al Viro <viro@...iv.linux.org.uk>,
Andrew Morton <akpm@...ux-foundation.org>,
Chris Mason <clm@...com>, David Sterba <dsterba@...e.com>,
Will Deacon <will@...nel.org>, linux-fsdevel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-btrfs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 3/3] btrfs: Avoid live-lock in search_ioctl() on
hardware with sub-page faults
On Wed, Apr 06, 2022 at 07:09:22PM +0100, Catalin Marinas wrote:
> Commit a48b73eca4ce ("btrfs: fix potential deadlock in the search
> ioctl") addressed a lockdep warning by pre-faulting the user pages and
> attempting the copy_to_user_nofault() in an infinite loop. On
> architectures like arm64 with MTE, an access may fault within a page at
> a location different from what fault_in_writeable() probed. Since the
> sk_offset is rewound to the previous struct btrfs_ioctl_search_header
> boundary, there is no guaranteed forward progress and search_ioctl() may
> live-lock.
>
> Use fault_in_subpage_writeable() instead of fault_in_writeable() to
> ensure the permission is checked at the right granularity (smaller than
> PAGE_SIZE).
>
> Signed-off-by: Catalin Marinas <catalin.marinas@....com>
> Fixes: a48b73eca4ce ("btrfs: fix potential deadlock in the search ioctl")
> Reported-by: Al Viro <viro@...iv.linux.org.uk>
Acked-by: David Sterba <dsterba@...e.com>
Powered by blists - more mailing lists