lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20220407110518.GE15609@twin.jikos.cz>
Date:   Thu, 7 Apr 2022 13:05:18 +0200
From:   David Sterba <dsterba@...e.cz>
To:     Catalin Marinas <catalin.marinas@....com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Andreas Gruenbacher <agruenba@...hat.com>,
        Josef Bacik <josef@...icpanda.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Chris Mason <clm@...com>, David Sterba <dsterba@...e.com>,
        Will Deacon <will@...nel.org>, linux-fsdevel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-btrfs@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 3/3] btrfs: Avoid live-lock in search_ioctl() on
 hardware with sub-page faults

On Wed, Apr 06, 2022 at 07:09:22PM +0100, Catalin Marinas wrote:
> Commit a48b73eca4ce ("btrfs: fix potential deadlock in the search
> ioctl") addressed a lockdep warning by pre-faulting the user pages and
> attempting the copy_to_user_nofault() in an infinite loop. On
> architectures like arm64 with MTE, an access may fault within a page at
> a location different from what fault_in_writeable() probed. Since the
> sk_offset is rewound to the previous struct btrfs_ioctl_search_header
> boundary, there is no guaranteed forward progress and search_ioctl() may
> live-lock.
> 
> Use fault_in_subpage_writeable() instead of fault_in_writeable() to
> ensure the permission is checked at the right granularity (smaller than
> PAGE_SIZE).
> 
> Signed-off-by: Catalin Marinas <catalin.marinas@....com>
> Fixes: a48b73eca4ce ("btrfs: fix potential deadlock in the search ioctl")
> Reported-by: Al Viro <viro@...iv.linux.org.uk>

Acked-by: David Sterba <dsterba@...e.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ