lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Apr 2022 09:37:01 +0200 From: David Hildenbrand <david@...hat.com> To: Miaohe Lin <linmiaohe@...wei.com>, akpm@...ux-foundation.org Cc: willy@...radead.org, vbabka@...e.cz, dhowells@...hat.com, neilb@...e.de, apopple@...dia.com, surenb@...gle.com, minchan@...nel.org, peterx@...hat.com, sfr@...b.auug.org.au, rcampbell@...dia.com, naoya.horiguchi@....com, linux-mm@...ck.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] mm/swapfile: unuse_pte can map random data if swap read fails On 16.04.22 05:05, Miaohe Lin wrote: > There is a bug in unuse_pte(): when swap page happens to be unreadable, > page filled with random data is mapped into user address space. In case > of error, a special swap entry indicating swap read fails is set to the > page table. So the swapcache page can be freed and the user won't end up > with a permanently mounted swap because a sector is bad. And if the page > is accessed later, the user process will be killed so that corrupted data > is never consumed. On the other hand, if the page is never accessed, the > user won't even notice it. > > Signed-off-by: Miaohe Lin <linmiaohe@...wei.com> > --- > v2: > use special swap entry to avoid permanently mounted swap > free the bad page in swapcache > --- > include/linux/swap.h | 7 ++++++- > include/linux/swapops.h | 10 ++++++++++ > mm/memory.c | 5 ++++- > mm/swapfile.c | 11 +++++++++++ > 4 files changed, 31 insertions(+), 2 deletions(-) > > diff --git a/include/linux/swap.h b/include/linux/swap.h > index d112434f85df..03c576111737 100644 > --- a/include/linux/swap.h > +++ b/include/linux/swap.h > @@ -55,6 +55,10 @@ static inline int current_is_kswapd(void) > * actions on faults. > */ > > +#define SWAP_READ_ERROR_NUM 1 > +#define SWAP_READ_ERROR (MAX_SWAPFILES + SWP_HWPOISON_NUM + \ > + SWP_MIGRATION_NUM + SWP_DEVICE_NUM + \ > + SWP_PTE_MARKER_NUM) Does anything speak against reusing the hwpoison marker? At least from a program POV it's similar "the previously well defined content at this user space address is no longer readable/writable". I recall that we can just set the pfn to 0 for the hwpoison marker. There is e.g., check_hwpoisoned_entry() and it just stops if it finds "pfn=0". -- Thanks, David / dhildenb
Powered by blists - more mailing lists