lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 19 Apr 2022 15:29:10 +0800
From:   Miaohe Lin <linmiaohe@...wei.com>
To:     Alistair Popple <apopple@...dia.com>
CC:     <akpm@...ux-foundation.org>, <willy@...radead.org>,
        <vbabka@...e.cz>, <dhowells@...hat.com>, <neilb@...e.de>,
        <david@...hat.com>, <surenb@...gle.com>, <minchan@...nel.org>,
        <peterx@...hat.com>, <sfr@...b.auug.org.au>,
        <rcampbell@...dia.com>, <naoya.horiguchi@....com>,
        <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] mm/swapfile: unuse_pte can map random data if swap
 read fails

On 2022/4/19 11:51, Alistair Popple wrote:
> Miaohe Lin <linmiaohe@...wei.com> writes:
> 
>> There is a bug in unuse_pte(): when swap page happens to be unreadable,
>> page filled with random data is mapped into user address space. In case
>> of error, a special swap entry indicating swap read fails is set to the
>> page table. So the swapcache page can be freed and the user won't end up
>> with a permanently mounted swap because a sector is bad. And if the page
>> is accessed later, the user process will be killed so that corrupted data
>> is never consumed. On the other hand, if the page is never accessed, the
>> user won't even notice it.
> 
> Hi Miaohe,
> > It seems we're not actually using the pfn that gets stored in the special swap
> entry here. Is my understanding correct? If so I think it would be better to use

Yes, you're right. The pfn is not used now. What we need here is a special swap entry
to do the right things. I think we can change to store some debugging information instead
of pfn if needed in the future.

> the new PTE markers Peter introduced[1] rather than adding another swap entry
> type.

IIUC, we should not reuse that swap entry here. From definition:

PTE markers
===========
...
PTE marker is a new type of swap entry that is ony applicable to file
backed memories like shmem and hugetlbfs.  It's used to persist some
pte-level information even if the original present ptes in pgtable are
zapped.

It's designed for file backed memories while swapin error entry is for anonymous
memories. And there has some differences in processing. So it's not a good idea
to reuse pte markers. Or am I miss something?

> 
> [1] - <https://lore.kernel.org/linux-mm/20220405014833.14015-1-peterx@redhat.com/>

Many thanks for your comment and suggestion! :)

> 
...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ