| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220713102357.8328614813db01b569650ffd@linux-foundation.org>
Date: Wed, 13 Jul 2022 10:23:57 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Miaohe Lin <linmiaohe@...wei.com>
Cc: <mike.kravetz@...cle.com>, <songmuchun@...edance.com>,
<linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] mm/hugetlb: avoid corrupting page->mapping in
hugetlb_mcopy_atomic_pte
On Tue, 12 Jul 2022 21:05:42 +0800 Miaohe Lin <linmiaohe@...wei.com> wrote:
> In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page
> cache are installed in the ptes. But hugepage_add_new_anon_rmap is called
> for them mistakenly because they're not vm_shared. This will corrupt the
> page->mapping used by page cache code.
Well that sounds bad. And theories on why this has gone unnoticed for
over a year? I assume this doesn't have coverage in our selftests?
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -6038,7 +6038,7 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm,
> if (!huge_pte_none_mostly(huge_ptep_get(dst_pte)))
> goto out_release_unlock;
>
> - if (vm_shared) {
> + if (page_in_pagecache) {
> page_dup_file_rmap(page, true);
> } else {
> ClearHPageRestoreReserve(page);
> --
> 2.23.0
Powered by blists - more mailing lists