lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y9eXDvjQ4ydKewCo@FVFF77S0Q05N>
Date:   Mon, 30 Jan 2023 10:08:14 +0000
From:   Mark Rutland <mark.rutland@....com>
To:     Will Deacon <will@...nel.org>
Cc:     Anshuman Khandual <anshuman.khandual@....com>,
        linux-arm-kernel@...ts.infradead.org, catalin.marinas@....com,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-kernel@...r.kernel.org, Mark Brown <broonie@...nel.org>,
        robin.murphy@....com
Subject: Re: [PATCH V2] arm64/mm: Intercept pfn changes in set_pte_at()

On Fri, Jan 27, 2023 at 03:16:52PM +0000, Mark Rutland wrote:
> On Thu, Jan 26, 2023 at 01:33:22PM +0000, Will Deacon wrote:
> > On Tue, Jan 24, 2023 at 11:11:49AM +0530, Anshuman Khandual wrote:
> > > On 1/9/23 10:58, Anshuman Khandual wrote:
> > > > Changing pfn on a user page table mapped entry, without first going through
> > > > break-before-make (BBM) procedure is unsafe. This just updates set_pte_at()
> > > > to intercept such changes, via an updated pgattr_change_is_safe(). This new
> > > > check happens via __check_racy_pte_update(), which has now been renamed as
> > > > __check_safe_pte_update().
> > > > 
> > > > Cc: Catalin Marinas <catalin.marinas@....com>
> > > > Cc: Will Deacon <will@...nel.org>
> > > > Cc: Mark Rutland <mark.rutland@....com>
> > > > Cc: Andrew Morton <akpm@...ux-foundation.org>
> > > > Cc: linux-arm-kernel@...ts.infradead.org
> > > > Cc: linux-kernel@...r.kernel.org
> > > > Signed-off-by: Anshuman Khandual <anshuman.khandual@....com>
> > > > ---
> > > > This applies on v6.2-rc3. This patch had some test time on an internal CI
> > > > system without any issues being reported.
> > > 
> > > Gentle ping, any updates on this patch ? Still any concerns ?
> > 
> > I don't think we really got to the bottom of Mark's concerns with
> > unreachable ptes on the stack, did we? I also have vague recollections
> > of somebody (Robin?) running into issues with the vmap code not honouring
> > BBM.
> > 
> > So I think we should confirm/fix the vmap issue before we enable this check
> > and also try to get some testing coverage to address Mark's worries. I think
> > he has a syzkaller instance set up, so that sound like a good place to
> > start.
> 
> I've thrown my Syzkaller instance at this patch; if it doesn't find anything by
> Monday I reckon we should pick this up.

FWIW, that hasn't hit anything so far.

It would be good if we could explicitly nots which mm test suite and/or stress
tests are happy with this, but otherwise this looks good to me.

Thanks,
Mark.

> That said, I had some minor nits on the patch; I'm not sure if you'd be happy
> to apply the suggested changes when applying or if you'd prefer that Anshuman
> applies those locally and sense a v3.
> 
> Thanks,
> Mark.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ