lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJF2gTQJZFfpSOx0yo3zJfECwpZR=79F5uLKVV_qqopS+F2PYA@mail.gmail.com>
Date:   Tue, 14 Jun 2022 00:08:50 +0800
From:   Guo Ren <guoren@...nel.org>
To:     Xianting Tian <xianting.tian@...ux.alibaba.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Vlastimil Babka <vbabka@...e.cz>, ziy@...dia.com,
        Linux-MM <linux-mm@...ck.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        stable@...r.kernel.org, huanyi.xj@...baba-inc.com,
        zjb194813@...baba-inc.com, tianhu.hh@...baba-inc.com
Subject: Re: [RESEND PATCH] mm: page_alloc: validate buddy before check the migratetype

On Mon, Jun 13, 2022 at 9:11 PM Xianting Tian
<xianting.tian@...ux.alibaba.com> wrote:
>
> Commit 787af64d05cd ("mm: page_alloc: validate buddy before check its migratetype.")
> added buddy check code. But unfortunately, this fix isn't backported to
> linux-5.17.y and the former stable branches. The reason is it added wrong
> fixes message:
>      Fixes: 1dd214b8f21c ("mm: page_alloc: avoid merging non-fallbackable
>                            pageblocks with others")
> Actually, this issue is involved by commit:
>      commit d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks")
>
> For RISC-V arch, the first 2M is reserved for sbi, so the start PFN is 512,
> but it got buddy PFN 0 for PFN 0x2000:
>      0 = 0x2000 ^ (1 << 12)
How did we get 0? (Try it in gdb)
(gdb) p /x (0x2000 ^ (1<<12))
$3 = 0x3000

I think it got buddy PFN 0 for PFN 0x1000, right?
(gdb) p /x (0x1000 ^ (1<<12))
$4 = 0x0

> With the illegal buddy PFN 0, it got an illegal buddy page, which caused
> crash in __get_pfnblock_flags_mask().
>
> With the patch, it can avoid the calling of get_pageblock_migratetype() if
> it isn't buddy page.
>
> Fixes: d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks")
> Cc: stable@...r.kernel.org
> Reported-by: zjb194813@...baba-inc.com
> Reported-by: tianhu.hh@...baba-inc.com
> Signed-off-by: Xianting Tian <xianting.tian@...ux.alibaba.com>
> ---
>  mm/page_alloc.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index b1caa1c6c887..5b423caa68fd 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1129,6 +1129,9 @@ static inline void __free_one_page(struct page *page,
>
>                         buddy_pfn = __find_buddy_pfn(pfn, order);
>                         buddy = page + (buddy_pfn - pfn);
> +
> +                       if (!page_is_buddy(page, buddy, order))
Right, we need to check the buddy_pfn valid, because some SoCs would
start dram address with an offset that has an order smaller than
MAX_ORDER.

> +                               goto done_merging;
>                         buddy_mt = get_pageblock_migratetype(buddy);
>
>                         if (migratetype != buddy_mt
> --
> 2.17.1
>

Fixup the comment and

Reviewed-by: Guo Ren <guoren@...nel.org>

-- 
Best Regards
 Guo Ren

ML: https://lore.kernel.org/linux-csky/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ