| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Nov 2022 22:18:28 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: Jann Horn <jannh@...gle.com>
Cc: Andrei Vagin <avagin@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] time/namespace: Forbid timens page faults under
kthread_use_mm()
On Tue, Nov 29 2022 at 20:18, Jann Horn wrote:
> find_timens_vvar_page() doesn't work when current's timens does not match
> the timens associated with current->mm.
> v6 of the series adding this code [1] had some complicated code to deal
> with this case, but v7 [2] removed that.
>
> Since the vvar region is designed to only be accessed by vDSO code, and
> vDSO code can't run in kthread context, it should be fine to error out in
> this case.
Should? Either it is correct or not.
But the way more interesting question is:
> struct page *find_timens_vvar_page(struct vm_area_struct *vma)
> {
> + /*
> + * We can't handle faults where current's timens does not match the
> + * timens associated with the mm_struct. This can happen if a page fault
> + * occurs in a kthread that is using kthread_use_mm().
> + */
How does a kthread, which obvioulsy did kthread_use_mm(), end up trying to
fault in the time namespace vvar page?
It's probably something nasty, but the changelog has a big information
void.
It neither answers the obvious question why this is a problem of the
time namespace vvar page and not a general issue versus a kthread, which
borrowed a user mm, ending up in vdso_fault() in the first place?
None of those VDSO (user space) addresses are subject to be faulted in
by anything else than the associated user space task(s).
Thanks,
tglx
Powered by blists - more mailing lists