lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 18 Jun 2022 09:10:55 +0200
From:   David Hildenbrand <david@...hat.com>
To:     Miaohe Lin <linmiaohe@...wei.com>, akpm@...ux-foundation.org
Cc:     linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] mm/swapfile: make security_vm_enough_memory_mm()
 work as expected

On 18.06.22 04:43, Miaohe Lin wrote:
> On 2022/6/17 15:33, David Hildenbrand wrote:
>> On 08.06.22 16:40, Miaohe Lin wrote:
>>> security_vm_enough_memory_mm() checks whether a process has enough memory
>>> to allocate a new virtual mapping. And total_swap_pages is considered as
>>> available memory while swapoff tries to make sure there's enough memory
>>> that can hold the swapped out memory. But total_swap_pages contains the
>>> swap space that is being swapoff. So security_vm_enough_memory_mm() will
>>> success even if there's no memory to hold the swapped out memory because
>>
>> s/success/succeed/
> 
> OK. Thanks.
> 
>>
>>> total_swap_pages always greater than or equal to p->pages.
>>>
>>> In order to fix it, p->pages should be retracted from total_swap_pages
>>
>> s/retracted/subtracted/
> 
> OK. Thanks.
> 
>>
>>> first and then check whether there's enough memory for inuse swap pages.
>>>
>>> Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
>>> ---
>>>  mm/swapfile.c | 10 +++++++---
>>>  1 file changed, 7 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/mm/swapfile.c b/mm/swapfile.c
>>> index ec4c1b276691..d2bead7b8b70 100644
>>> --- a/mm/swapfile.c
>>> +++ b/mm/swapfile.c
>>> @@ -2398,6 +2398,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
>>>  	struct filename *pathname;
>>>  	int err, found = 0;
>>>  	unsigned int old_block_size;
>>> +	unsigned int inuse_pages;
>>>  
>>>  	if (!capable(CAP_SYS_ADMIN))
>>>  		return -EPERM;
>>> @@ -2428,9 +2429,13 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
>>>  		spin_unlock(&swap_lock);
>>>  		goto out_dput;
>>>  	}
>>> -	if (!security_vm_enough_memory_mm(current->mm, p->pages))
>>> -		vm_unacct_memory(p->pages);
>>> +
>>> +	total_swap_pages -= p->pages;
>>> +	inuse_pages = READ_ONCE(p->inuse_pages);
>>> +	if (!security_vm_enough_memory_mm(current->mm, inuse_pages))
>>> +		vm_unacct_memory(inuse_pages);
>>>  	else {
>>> +		total_swap_pages += p->pages;
>>
>> That implies that whenever we fail in security_vm_enough_memory_mm(),
>> that other concurrent users might see a wrong total_swap_pages.
>>
>> Assume 4 GiB memory and 8 GiB swap. Let's assume 10 GiB are in use.
>>
>> Temporarily, we'd have
>>
>> CommitLimit    4 GiB
>> Committed_AS  10 GiB
> 
> IIUC, even if without this change, the other concurrent users if come after vm_acct_memory()
> is done in __vm_enough_memory(), they might see
> 
> CommitLimit   12 GiB (4 GiB memory + 8GiB total swap)
> Committed_AS  18 GiB (10 GiB in use + 8GiB swap space to swapoff)
> 
> Or am I miss something?
> 

I think you are right!

Reviewed-by: David Hildenbrand <david@...hat.com>


-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ