lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zd6WJe9xrRwkphfm@casper.infradead.org>
Date: Wed, 28 Feb 2024 02:10:45 +0000
From: Matthew Wilcox <willy@...radead.org>
To: mawupeng <mawupeng1@...wei.com>
Cc: david@...hat.com, akpm@...ux-foundation.org, khlebnikov@...nvz.org,
	jaredeh@...il.com, linmiaohe@...wei.com, hpa@...or.com,
	dave.hansen@...ux.intel.com, luto@...nel.org, tglx@...utronix.de,
	peterz@...radead.org, linux-kernel@...r.kernel.org, x86@...nel.org,
	mingo@...hat.com, rdunlap@...radead.org, bhelgaas@...gle.com,
	linux-mm@...ck.org
Subject: Re: [Question] CoW on VM_PFNMAP vma during write fault

On Wed, Feb 28, 2024 at 09:55:24AM +0800, mawupeng wrote:
> On 2024/2/27 21:15, David Hildenbrand wrote:
> > On 27.02.24 14:00, David Hildenbrand wrote:
> >> On 27.02.24 13:28, Wupeng Ma wrote:
> >>> We find that a warn will be produced during our test, the detail log is
> >>> shown in the end.
> >>>
> >>> The core problem of this warn is that the first pfn of this pfnmap vma is
> >>> cleared during memory-failure. Digging into the source we find that this
> >>> problem can be triggered as following:
> >>>
> >>> // mmap with MAP_PRIVATE and specific fd which hook mmap
> >>> mmap(MAP_PRIVATE, fd)
> >>>     __mmap_region
> >>>       remap_pfn_range
> >>>       // set vma with pfnmap and the prot of pte is read only
> >>>     
> >>
> >> Okay, so we get a MAP_PRIVATE VM_PFNMAP I assume.
> >>
> >> What fd is that exactly? Often, we disallow private mappings in the
> >> mmap() callback (for a good reason).
> 
> just a device fd with device-specify mmap which use remap_pfn_range to assign memory.

But what meaning do you want MAP_PRIVATE of this fd to have?  Does it
make sense to permit this, or should you rather just return -EINVAL if
somebody tries to mmap() with MAP_PRIVATE set?


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ