| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Dec 2022 12:03:51 +0100
From: David Hildenbrand <david@...hat.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Peter Xu <peterx@...hat.com>, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, Mike Rapoport <rppt@...ux.vnet.ibm.com>,
Nadav Amit <nadav.amit@...il.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Ives van Hoorne <ives@...esandbox.io>,
Axel Rasmussen <axelrasmussen@...gle.com>,
Alistair Popple <apopple@...dia.com>, stable@...r.kernel.org
Subject: Re: [PATCH v3 1/2] mm/migrate: Fix read-only page got writable when
recover pte
On 01.12.22 23:30, Andrew Morton wrote:
> On Thu, 1 Dec 2022 16:42:52 +0100 David Hildenbrand <david@...hat.com> wrote:
>
>> On 01.12.22 16:28, Peter Xu wrote:
>>>
>>> I didn't reply here because I have already replied with the question in
>>> previous version with a few attempts. Quotting myself:
>>>
>>> https://lore.kernel.org/all/Y3KgYeMTdTM0FN5W@x1n/
>>>
>>> The thing is recovering the pte into its original form is the
>>> safest approach to me, so I think we need justification on why it's
>>> always safe to set the write bit.
>>>
>>> I've also got another longer email trying to explain why I think it's the
>>> other way round to be justfied, rather than justifying removal of the write
>>> bit for a read migration entry, here:
>>>
>>
>> And I disagree for this patch that is supposed to fix this hunk:
>>
>>
>> @@ -243,11 +243,15 @@ static bool remove_migration_pte(struct page *page, struct vm_area_struct *vma,
>> entry = pte_to_swp_entry(*pvmw.pte);
>> if (is_write_migration_entry(entry))
>> pte = maybe_mkwrite(pte, vma);
>> + else if (pte_swp_uffd_wp(*pvmw.pte))
>> + pte = pte_mkuffd_wp(pte);
>>
>> if (unlikely(is_zone_device_page(new))) {
>> if (is_device_private_page(new)) {
>> entry = make_device_private_entry(new, pte_write(pte));
>> pte = swp_entry_to_pte(entry);
>> + if (pte_swp_uffd_wp(*pvmw.pte))
>> + pte = pte_mkuffd_wp(pte);
>> }
>> }
>
> David, I'm unclear on what you mean by the above. Can you please
> expand?
>
>>
>> There is really nothing to justify the other way around here.
>> If it's broken fix it independently and properly backport it independenty.
>>
>> But we don't know about any such broken case.
>>
>> I have no energy to spare to argue further ;)
>
> This is a silent data loss bug, which is about as bad as it gets.
> Under obscure conditions, fortunately. But please let's keep working
> it. Let's aim for something minimal for backporting purposes. We can
> revisit any cleanliness issues later.
Okay, you activated my energy reserves.
>
> David, do you feel that the proposed fix will at least address the bug
> without adverse side-effects?
Usually, when I suspect something is dodgy I unconsciously push back
harder than I usually would.
I just looked into the issue once again and realized that this patch
here (and also my alternative proposal) most likely tackles the
more-generic issue from the wrong direction. I found yet another such
bug (most probably two, just too lazy to write another reproducer).
Migration code does the right thing here -- IMHO -- and the issue should
be fixed differently.
I'm testing an alternative patch right now and will share it later
today, along with a reproducer.
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists