lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20230516165754.pocx4kaagn3yyw3r@revolver>
Date:   Tue, 16 May 2023 12:57:54 -0400
From:   "Liam R. Howlett" <Liam.Howlett@...cle.com>
To:     Peter Xu <peterx@...hat.com>
Cc:     Jeff Xu <jeffxu@...omium.org>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
        linux-hardening@...r.kernel.org,
        Jorge Lucangeli Obes <jorgelo@...omium.org>,
        lstoakes@...il.com, zhangpeng.00@...edance.com
Subject: Re: mprotect outbound check.

* Peter Xu <peterx@...hat.com> [230516 12:35]:
> On Mon, May 15, 2023 at 06:41:35PM -0700, Jeff Xu wrote:
> > + Peter, Lian, Lorenzo
> > 
> > Is this related to this hotfix ?
> >       mm/mprotect: fix do_mprotect_pkey() return on error
> 
> Doesn't look like to me, that seems to only avoid replacing an error with
> another error, rather than stop returning error for any case.
> 
> AFAIU this shouldn't be intentional, but Liam could correct.  Maybe a
> bisection would show at least when it got changed?

I did not intentionally modify the return of mprotect for this case.  As
Peter said, that change shouldn't cause the change in behaviour you are
seeing.

A bisection would help narrow it down, as it could be changes to mm/mmap
vma_merge() and friends.

Thanks,
Liam

> 
> > 
> > 
> > Thanks!
> > 
> > -Jeff
> > 
> > 
> > 
> > 
> > 
> > 
> > On Mon, May 15, 2023 at 11:00 AM Jeff Xu <jeffxu@...omium.org> wrote:
> > >
> > > Noticed there is a slight change for mprotect between 6.1 and 6.4 RC1
> > >
> > > For example:
> > > Consider the case below:
> > > 1 mmap(0x5000000, PAGE_SIZE,  ...)
> > > 2 mprotect(0x5000000, PAGE_SIZE*4, ...)
> > >
> > > in 6.1 and before, 2 will fail, and in 6.4 RC1, it will pass.
> > >
> > > I know that munmap will accept out-of-bound cases like this (because
> > > memory is freed anyway).
> > >
> > > Is this change intentional ?
> > >
> > > Thanks!
> > > Best regards,
> > > -Jeff
> > 
> 
> -- 
> Peter Xu
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ