lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 11 Jul 2023 20:54:42 -0400
From:   "Liam R. Howlett" <Liam.Howlett@...cle.com>
To:     Greg KH <gregkh@...uxfoundation.org>, linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        John Hsu <John.Hsu@...iatek.com>, stable@...r.kernel.org,
        linux-mm@...ck.org
Subject: Re: [PATCH stable v6.1] mm/mmap: Fix extra maple tree write

* Liam R. Howlett <Liam.Howlett@...cle.com> [230707 12:45]:
> * Greg KH <gregkh@...uxfoundation.org> [230707 11:55]:
> > On Thu, Jul 06, 2023 at 02:51:35PM -0400, Liam R. Howlett wrote:
> > > commit 0503ea8f5ba73eb3ab13a81c1eefbaf51405385a upstream.
> > > 
> > > This was inadvertently fixed during the removal of __vma_adjust().
> > > 
> > > When __vma_adjust() is adjusting next with a negative value (pushing
> > > vma->vm_end lower), there would be two writes to the maple tree.  The
> > > first write is unnecessary and uses all allocated nodes in the maple
> > > state.  The second write is necessary but will need to allocate nodes
> > > since the first write has used the allocated nodes.  This may be a
> > > problem as it may not be safe to allocate at this time, such as a low
> > > memory situation.  Fix the issue by avoiding the first write and only
> > > write the adjusted "next" VMA.
> > 
> > Are you sure this is the same git id?  The one you reference above is
> > _VERY_ different from your 2 line change below.
> > 
> > And the changelog text is not the same.
> 
> Yes, but I am not sure I've indicated what happened correctly.
> 
> The bug exists in the older __vma_adjust() function, but I removed
> __vma_adjust() and inadvertently fixed the bug.  So the bug doesn't
> exist upstream *because* of that commit:
> 
> 0503ea8f5ba7 ("mm/mmap: remove __vma_adjust()")
> 
> My comment after the commit id indicates what happened, but the
> documentation wasn't clear to me on how to specify what happened.
> 
> Does this answer your question?

Friendly ping on this one?

Thanks,
Liam

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ