lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Aug 2022 09:23:30 +0200
From:   Michal Hocko <mhocko@...e.com>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Charan Teja Kalla <quic_charante@...cinc.com>, david@...hat.com,
        pasha.tatashin@...een.com, sieberf@...zon.com, shakeelb@...gle.com,
        sjpark@...zon.de, dhowells@...hat.com, willy@...radead.org,
        quic_pkondeti@...cinc.com, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org
Subject: Re: [PATCH V3] mm: fix use-after free of page_ext after race with
 memory-offline

On Tue 09-08-22 18:57:14, Andrew Morton wrote:
> On Tue, 9 Aug 2022 20:16:43 +0530 Charan Teja Kalla <quic_charante@...cinc.com> wrote:
> 
> > The below is one path where race between page_ext and  offline of the
> > respective memory blocks will cause use-after-free on the access of
> > page_ext structure.
> 
> Has this race ever been observed at runtime?
> 
> Given the size of the fix, I'm looking for excuses to not backport it
> into -stable kernels!

I believe this is quite theoretical for two reasons
1) the memory hotplug (offlining) is quite rare operation
2) with all the retries the race window is quite hard to trigger

So this is good to have address long term but nothing really for stable
until somebody actually hits that with a real world workload.

Btw. I plan to have a look and review this but times are busy. Hopefully
soon.

Thanks!

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ