| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Apr 2022 09:37:01 +0200
From: David Hildenbrand <david@...hat.com>
To: Miaohe Lin <linmiaohe@...wei.com>, akpm@...ux-foundation.org
Cc: willy@...radead.org, vbabka@...e.cz, dhowells@...hat.com,
neilb@...e.de, apopple@...dia.com, surenb@...gle.com,
minchan@...nel.org, peterx@...hat.com, sfr@...b.auug.org.au,
rcampbell@...dia.com, naoya.horiguchi@....com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] mm/swapfile: unuse_pte can map random data if swap
read fails
On 16.04.22 05:05, Miaohe Lin wrote:
> There is a bug in unuse_pte(): when swap page happens to be unreadable,
> page filled with random data is mapped into user address space. In case
> of error, a special swap entry indicating swap read fails is set to the
> page table. So the swapcache page can be freed and the user won't end up
> with a permanently mounted swap because a sector is bad. And if the page
> is accessed later, the user process will be killed so that corrupted data
> is never consumed. On the other hand, if the page is never accessed, the
> user won't even notice it.
>
> Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
> ---
> v2:
> use special swap entry to avoid permanently mounted swap
> free the bad page in swapcache
> ---
> include/linux/swap.h | 7 ++++++-
> include/linux/swapops.h | 10 ++++++++++
> mm/memory.c | 5 ++++-
> mm/swapfile.c | 11 +++++++++++
> 4 files changed, 31 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/swap.h b/include/linux/swap.h
> index d112434f85df..03c576111737 100644
> --- a/include/linux/swap.h
> +++ b/include/linux/swap.h
> @@ -55,6 +55,10 @@ static inline int current_is_kswapd(void)
> * actions on faults.
> */
>
> +#define SWAP_READ_ERROR_NUM 1
> +#define SWAP_READ_ERROR (MAX_SWAPFILES + SWP_HWPOISON_NUM + \
> + SWP_MIGRATION_NUM + SWP_DEVICE_NUM + \
> + SWP_PTE_MARKER_NUM)
Does anything speak against reusing the hwpoison marker? At least from a
program POV it's similar "the previously well defined content at this
user space address is no longer readable/writable".
I recall that we can just set the pfn to 0 for the hwpoison marker.
There is e.g., check_hwpoisoned_entry() and it just stops if it finds
"pfn=0".
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists