Message-ID: <0e864a86-040b-810d-86ee-f702604e7f5f@redhat.com>
Date:   Fri, 2 Dec 2022 16:40:47 +0100
From:   David Hildenbrand <david@...hat.com>
To:     Peter Xu <peterx@...hat.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        Mike Rapoport <rppt@...ux.vnet.ibm.com>,
        Nadav Amit <nadav.amit@...il.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Ives van Hoorne <ives@...esandbox.io>,
        Axel Rasmussen <axelrasmussen@...gle.com>,
        Alistair Popple <apopple@...dia.com>, stable@...r.kernel.org
Subject: Re: [PATCH v3 1/2] mm/migrate: Fix read-only page got writable when
 recover pte

>>>>
>>>> David, do you feel that the proposed fix will at least address the bug
>>>> without adverse side-effects?
>>>
>>> Usually, when I suspect something is dodgy I unconsciously push back
>>> harder than I usually would.
> 
> Please consider using unconsciousness only for self guidance, figuring out
> directions, or making decisions on one's own.

Yeah, sorry about my communication. I expressed that this approach felt 
wrong to me, I just wasn't able to phrase exactly why I thought 
migration is doing the right thing and didn't have a lot of time to look 
into the details.

Now I dedicated some time and realized that mprotect() is doing the 
exact same thing, it became clearer to me why migration code wasn't 
broken before.

> 
> For discussions on the list which can get more than one person involved, we
> do need consciousness and reasonings.

Yeah, I need vacation.

> 
> Thanks for the reproducer, that's definitely good reasonings.  Do you have
> other reproducer that can trigger an issue without mprotect()?

As noted in the RFC patch I sent, I suspect NUMA hinting page remapping 
might similarly trigger it. I did not try reproducing it, though.

> 
> As I probably mentioned before in other threads mprotect() is IMHO
> conceptually against uffd-wp and I haven't yet figured out how to use them
> all right.  For example, we can uffd-wr-protect a pte in uffd-wp range,
> then if we do "mprotect(RW)" it's hard to tell whether the user wants it
> write or not.  E.g., using mprotect(RW) to resolve page faults should be
> wrong because it'll not touch the uffd-wp bit at all.  I confess I never
> thought more on how we should define the interactions between uffd-wp and
> mprotect.
> 
> In short, it'll be great if you have other reproducers for any uffd-wp
> issues other than mprotect().
> 
> I said that also because I just got another message from Ives privately
> that there _seems_ to be yet another even harder to reproduce bug here
> (Ives, feel free to fill in any more information if you got it).  So if you
> can figure out what's missing and already write a reproducer, that'll be
> perfect.

Maybe NUMA hinting on the fallback path, when we didn't migrate or 
migration failed?

-- 
Thanks,

David / dhildenb
