| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ec8d0f27-a3e8-3b93-6703-9935e009ceb2@redhat.com>
Date: Wed, 14 Jun 2023 17:57:41 +0200
From: David Hildenbrand <david@...hat.com>
To: Peter Xu <peterx@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Matthew Wilcox <willy@...radead.org>,
Andrea Arcangeli <aarcange@...hat.com>,
John Hubbard <jhubbard@...dia.com>,
Mike Rapoport <rppt@...nel.org>,
Vlastimil Babka <vbabka@...e.cz>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Andrew Morton <akpm@...ux-foundation.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
James Houghton <jthoughton@...gle.com>,
Hugh Dickins <hughd@...gle.com>
Subject: Re: [PATCH 2/7] mm/hugetlb: Fix hugetlb_follow_page_mask() on
permission checks
On 14.06.23 17:46, Peter Xu wrote:
> On Wed, Jun 14, 2023 at 05:31:36PM +0200, David Hildenbrand wrote:
>> On 13.06.23 23:53, Peter Xu wrote:
>>> It seems hugetlb_follow_page_mask() was missing permission checks. For
>>> example, one follow_page() can get the hugetlb page with FOLL_WRITE even if
>>> the page is read-only.
>>
>> I'm curious if there even is a follow_page() user that operates on hugetlb
>> ...
>>
>> s390x secure storage does not apply to hugetlb IIRC.
>
> You're the expert, so I'll rely on you. :)
>
Hehe, there is a comment in gmap_destroy_page(), above one of the
follow_page() users:
/*
* Huge pages should not be able to become secure
*/
if (is_vm_hugetlb_page(vma))
goto out;
--
Cheers,
David / dhildenb
Powered by blists - more mailing lists