| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Jun 2024 14:06:43 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Peng Zhang <zhangpeng362@...wei.com> Cc: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>, <willy@...radead.org>, <ying.huang@...el.com>, <fengwei.yin@...el.com>, <david@...hat.com>, <aneesh.kumar@...ux.ibm.com>, <shy828301@...il.com>, <hughd@...gle.com>, <wangkefeng.wang@...wei.com>, <sunnanyong@...wei.com> Subject: Re: [PATCH] filemap: replace pte_offset_map() with pte_offset_map_nolock() On Wed, 13 Mar 2024 09:29:13 +0800 Peng Zhang <zhangpeng362@...wei.com> wrote: > From: ZhangPeng <zhangpeng362@...wei.com> > > The vmf->ptl in filemap_fault_recheck_pte_none() is still set from > handle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte). > After a pte_unmap(vmf->pte) unmap and rcu_read_unlock(), the page table > may be racily changed and vmf->ptl maybe fails to protect the actual > page table. > Fix this by replacing pte_offset_map() with pte_offset_map_nolock(). > > ... > > --- a/mm/filemap.c > +++ b/mm/filemap.c > @@ -3207,7 +3207,8 @@ static vm_fault_t filemap_fault_recheck_pte_none(struct vm_fault *vmf) > if (!(vmf->flags & FAULT_FLAG_ORIG_PTE_VALID)) > return 0; > > - ptep = pte_offset_map(vmf->pmd, vmf->address); > + ptep = pte_offset_map_nolock(vma->vm_mm, vmf->pmd, vmf->address, > + &vmf->ptl); > if (unlikely(!ptep)) > return VM_FAULT_NOPAGE; > whoops, I'm still sitting on this because I didn't know whether we should backport it. And... guess what I say next. Can we please describe what are the userspace visible effects of the bug?
Powered by blists - more mailing lists