| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Oct 2022 15:42:59 -0400
From: Peter Xu <peterx@...hat.com>
To: linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc: Axel Rasmussen <axelrasmussen@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andrea Arcangeli <aarcange@...hat.com>,
Nadav Amit <nadav.amit@...il.com>
Subject: Re: [PATCH 1/2] mm/uffd: Fix vma check on userfault for wp
On Mon, Oct 24, 2022 at 03:33:35PM -0400, Peter Xu wrote:
> We used to have a report that pte-marker code can be reached even when
> uffd-wp is not compiled in for file memories, here:
>
> https://lore.kernel.org/all/YzeR+R6b4bwBlBHh@x1n/T/#u
>
> I just got time to revisit this and found that the root cause is we simply
> messed up with the vma check, so that for !PTE_MARKER_UFFD_WP system, we
> will allow UFFDIO_REGISTER of MINOR & WP upon shmem as the check was wrong:
>
> if (vm_flags & VM_UFFD_MINOR)
> return is_vm_hugetlb_page(vma) || vma_is_shmem(vma);
>
> Where we'll allow anything to pass on shmem as long as minor mode is
> requested.
>
> Axel did it right when introducing minor mode but I messed it up in
> b1f9e876862d when moving code around. Fix it.
>
> Cc: Axel Rasmussen <axelrasmussen@...gle.com>
> Fixes: b1f9e876862d ("mm/uffd: enable write protection for shmem & hugetlbfs")
Should also have had:
Cc: stable@...r.kernel.org
> Signed-off-by: Peter Xu <peterx@...hat.com>
--
Peter Xu
Powered by blists - more mailing lists