| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220426003118.GA3829204@hori.linux.bs1.fc.nec.co.jp>
Date: Tue, 26 Apr 2022 00:31:18 +0000
From: HORIGUCHI NAOYA(堀口 直也)
<naoya.horiguchi@....com>
To: Miaohe Lin <linmiaohe@...wei.com>
CC: David Hildenbrand <david@...hat.com>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"willy@...radead.org" <willy@...radead.org>,
"vbabka@...e.cz" <vbabka@...e.cz>,
"dhowells@...hat.com" <dhowells@...hat.com>,
"neilb@...e.de" <neilb@...e.de>,
"apopple@...dia.com" <apopple@...dia.com>,
"surenb@...gle.com" <surenb@...gle.com>,
"minchan@...nel.org" <minchan@...nel.org>,
"peterx@...hat.com" <peterx@...hat.com>,
"sfr@...b.auug.org.au" <sfr@...b.auug.org.au>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 1/3] mm/swapfile: unuse_pte can map random data if swap
read fails
On Mon, Apr 25, 2022 at 04:47:41PM +0800, Miaohe Lin wrote:
> On 2022/4/25 15:45, David Hildenbrand wrote:
> > On 25.04.22 03:08, HORIGUCHI NAOYA(堀口 直也) wrote:
> >> On Sun, Apr 24, 2022 at 05:11:03PM +0800, Miaohe Lin wrote:
> >>> There is a bug in unuse_pte(): when swap page happens to be unreadable,
> >>> page filled with random data is mapped into user address space. In case
> >>> of error, a special swap entry indicating swap read fails is set to the
> >>> page table. So the swapcache page can be freed and the user won't end up
> >>> with a permanently mounted swap because a sector is bad. And if the page
> >>> is accessed later, the user process will be killed so that corrupted data
> >>> is never consumed. On the other hand, if the page is never accessed, the
> >>> user won't even notice it.
> >>>
> >>> Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
> >>> Acked-by: David Hildenbrand <david@...hat.com>
> >>
> >> Hi Miaohe,
> >>
> >> This bug sounds relatively serious to me, and it seems old, so is it worth
> >> sending to -stable?
> >
> > I'm not sure if this is worth -stable, but no strong opinion.
>
> I have no strong opinion too. I'm just afraid someone might run into it. But swapoff is
> expected to be a rare operation anyway...
>
> >
> > The do_swap_page() part was added in 2005:
> >
> > commit b81074800b98ac50b64d4c8d34e8abf0fda5e3d1
> > Author: Kirill Korotaev <dev@...ru>
> > Date: Mon May 16 21:53:50 2005 -0700
> >
> > [PATCH] do_swap_page() can map random data if swap read fails
> >
> > There is a bug in do_swap_page(): when swap page happens to be unreadable,
> > page filled with random data is mapped into user address space. The fix is
> > to check for PageUptodate and send SIGBUS in case of error.
> >
> > Signed-Off-By: Kirill Korotaev <dev@...ru>
> > Signed-Off-By: Alexey Kuznetsov <kuznet@....inr.ac.ru>
> > Acked-by: Hugh Dickins <hugh@...itas.com>
> > Signed-off-by: Andrew Morton <akpm@...l.org>
> > Signed-off-by: Linus Torvalds <torvalds@...l.org>
> >
> > So the do_swap_page() part has been fixed for quite a while already.
>
> Does this mean only do_swap_page maps random data if swap read fails is observed from that time on?
> So this might not be worth -stable as it's never seen more than a decade?
OK, both choices seems possible, so not sending to -stable is fine to me.
It's finally up to you.
Thanks,
Naoya Horiguchi
Powered by blists - more mailing lists