lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y7S6ZPUKi07h5uZO@casper.infradead.org>
Date:   Tue, 3 Jan 2023 23:29:40 +0000
From:   Matthew Wilcox <willy@...radead.org>
To:     David Rientjes <rientjes@...gle.com>
Cc:     Vlastimil Babka <vbabka@...e.cz>,
        kernel test robot <oliver.sang@...el.com>,
        Hyeonggon Yoo <42.hyeyoo@...il.com>, oe-lkp@...ts.linux.dev,
        lkp@...el.com, Mike Rapoport <rppt@...ux.ibm.com>,
        Christoph Lameter <cl@...ux.com>, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org
Subject: Re: A better dump_page()

On Tue, Jan 03, 2023 at 03:07:12PM -0800, David Rientjes wrote:
> On Tue, 3 Jan 2023, Matthew Wilcox wrote:
> 
> > On Tue, Jan 03, 2023 at 11:42:11AM +0100, Vlastimil Babka wrote:
> > > Separately we should also make the __dump_page() more resilient.
> > 
> > Right.  It's not ideal when one of our best debugging tools obfuscates
> > the problem we're trying to debug.  I've seen probems like this before,
> > and the problem is that somebody calls dump_page() on a page that they
> > don't own a refcount on.  That lets the page mutate under us in some
> > fairly awkward ways (as you've seen here, it seems to be part of several
> > different compound allocations at various points during the dump
> > process).
> > 
> > One possibility I thought about was taking our own refcount on the
> > page at the start of dump_page().  That would kill off the possibility
> > of ever passing in a const struct page, and it would confuse people.
> > Also, what if somebody passes in a pointer to something that's not a
> > struct page?  Then we've (tried to) modify memory that's not a refcount.
> > 
> > I think the best we can do is to snapshot the struct page and the folio
> > it appears to belong to at the start of dump_page().  It'll take a
> > little care (for example, folio_pfn() must be passed the original
> > folio, and not the snapshot), but I think it's doable.
> > 
> 
> By snapshot do you mean memcpy() of the metadata to the stack?  I assume 
> this still leaves the opportunity for the underlying mutation of the page 
> but makes the window more narrow.

Right.  We'd need to memcpy() both the page and the folio, so around 192
bytes.  It doesn't make it consistent since it could be mutated during
the memcpy(), but it will be consistent throughout the execution of the
function, so we won't get calls like folio_entire_mapcount() aborting
due to the folio having become a tail page halfway through.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ