| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Dec 2022 22:55:28 +0100
From: Jann Horn <jannh@...gle.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Liam Howlett <liam.howlett@...cle.com>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Yu Zhao <yuzhao@...gle.com>, Jason Donenfeld <Jason@...c4.com>,
Matthew Wilcox <willy@...radead.org>,
SeongJae Park <sj@...nel.org>, Vlastimil Babka <vbabka@...e.cz>
Subject: Re: [PATCH v2] mmap: Fix do_brk_flags() modifying obviously incorrect VMAs
On Mon, Dec 5, 2022 at 9:32 PM Andrew Morton <akpm@...ux-foundation.org> wrote:
> On Mon, 5 Dec 2022 19:23:17 +0000 Liam Howlett <liam.howlett@...cle.com> wrote:
> > Add more sanity checks to the VMA that do_brk_flags() will expand.
> > Ensure the VMA matches basic merge requirements within the function
> > before calling can_vma_merge_after().
>
> I't unclear what's actually being fixed here.
>
> Why do you feel we need the above changes?
>
> > Drop the duplicate checks from vm_brk_flags() since they will be
> > enforced later.
> >
> > Fixes: 2e7ce7d354f2 ("mm/mmap: change do_brk_flags() to expand existing VMA and add do_brk_munmap()")
>
> Fixes in what way? Removing the duplicate checks?
The old code would expand file VMAs on brk(), which is functionally
wrong and also dangerous in terms of locking because the brk() path
isn't designed for file VMAs and therefore doesn't lock the file
mapping. Checking can_vma_merge_after() ensures that new anonymous
VMAs can't be merged into file VMAs.
See https://lore.kernel.org/linux-mm/CAG48ez1tJZTOjS_FjRZhvtDA-STFmdw8PEizPDwMGFd_ui0Nrw@mail.gmail.com/
.
Powered by blists - more mailing lists