lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <FEB74A1F-9DA2-4B37-8AD5-5E41A399046C@linux.dev>
Date:   Fri, 24 Mar 2023 09:59:16 +0800
From:   Muchun Song <muchun.song@...ux.dev>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Muchun Song <songmuchun@...edance.com>, glider@...gle.com,
        elver@...gle.com, dvyukov@...gle.com, jannh@...gle.com,
        sjpark@...zon.de, kasan-dev@...glegroups.com,
        Linux Memory Management List <linux-mm@...ck.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm: kfence: fix handling discontiguous page



> On Mar 24, 2023, at 06:18, Andrew Morton <akpm@...ux-foundation.org> wrote:
> 
> On Thu, 23 Mar 2023 10:50:03 +0800 Muchun Song <songmuchun@...edance.com> wrote:
> 
>> The struct pages could be discontiguous when the kfence pool is allocated
>> via alloc_contig_pages() with CONFIG_SPARSEMEM and !CONFIG_SPARSEMEM_VMEMMAP.
>> So, the iteration should use nth_page().
> 
> What are the user-visible runtime effects of this flaw?

Set the PG_slab and memcg_data to a arbitrary address (may be not used as a struct
page), so the worst case may corrupt the kernel.

Thanks.

> 
> Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ