lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 18 Jan 2024 15:29:42 -0800
From: Axel Rasmussen <axelrasmussen@...gle.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Lokesh Gidra <lokeshgidra@...gle.com>, linux-fsdevel@...r.kernel.org, 
	linux-mm@...ck.org, linux-kernel@...r.kernel.org, selinux@...r.kernel.org, 
	surenb@...gle.com, kernel-team@...roid.com, aarcange@...hat.com, 
	peterx@...hat.com, david@...hat.com, bgeffon@...gle.com, willy@...radead.org, 
	jannh@...gle.com, kaleshsingh@...gle.com, ngeoffray@...gle.com
Subject: Re: [PATCH] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb

Apologies, I had forgotten to re-check the "send plaintext" checkbox
in my e-mail client, so the mailing lists rejected my previous mail. I
am duly ashamed. Allow me to try once more. :)

On Thu, Jan 18, 2024 at 1:59 PM Andrew Morton <akpm@...ux-foundation.org> wrote:
>
> On Wed, 17 Jan 2024 14:37:29 -0800 Lokesh Gidra <lokeshgidra@...gle.com> wrote:
>
> > In mfill_atomic_hugetlb(), mmap_changing isn't being checked
> > again if we drop mmap_lock and reacquire it. When the lock is not held,
> > mmap_changing could have been incremented. This is also inconsistent
> > with the behavior in mfill_atomic().

The change looks reasonable to me. I'm not sure I can conclusively say
there isn't some other mechanism specific to hugetlbfs which means
this isn't needed, though.

>
> Thanks. Could you and reviewers please consider
>
> - what might be the userspace-visible runtime effects?
>
> - Should the fix be backported into earlier kernels?
>
> - A suitable Fixes: target?

Hmm, 60d4d2d2b40e4 added __mcopy_atomic_hugetlb without this. But, at
that point in history, none of the other functions had mmap_changing
either.

So, I think the right Fixes: target is df2cc96e77011 ("userfaultfd:
prevent non-cooperative events vs mcopy_atomic races") ? It seems to
have missed the hugetlb path. This was introduced in 4.18.

Based on that commit's message, essentially what can happen if the
race "succeeds" is, memory can be accessed without userfaultfd being
notified of this fact. Depending on what userfaultfd is being used
for, from userspace's perspective this can appear like memory
corruption for example. So, based on that it seems to me reasonable to
backport this to stable kernels (4.19+).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ