lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZqpTaKHdrYt61HYy@localhost.localdomain>
Date: Wed, 31 Jul 2024 17:08:24 +0200
From: Oscar Salvador <osalvador@...e.de>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, Peter Xu <peterx@...hat.com>,
	Muchun Song <muchun.song@...ux.dev>,
	David Hildenbrand <david@...hat.com>,
	Donet Tom <donettom@...ux.ibm.com>,
	Matthew Wilcox <willy@...radead.org>,
	Vlastimil Babka <vbabka@...e.cz>, Michal Hocko <mhocko@...e.com>
Subject: Re: [PATCH v2 6/9] mm: Make hugetlb mappings go through
 mm_get_unmapped_area_vmflags

On Wed, Jul 31, 2024 at 12:02:47PM +0100, Lorenzo Stoakes wrote:
> On Mon, Jul 29, 2024 at 11:10:15AM GMT, Oscar Salvador wrote:
> >   * Someone wants to read @bytes from a HWPOISON hugetlb @page from @offset.
> > @@ -1300,7 +1307,6 @@ static const struct file_operations hugetlbfs_file_operations = {
> >  	.read_iter		= hugetlbfs_read_iter,
> >  	.mmap			= hugetlbfs_file_mmap,
> >  	.fsync			= noop_fsync,
> > -	.get_unmapped_area	= hugetlb_get_unmapped_area,
> 
> This is causing a NULL pointer deref error in the mm self-tests,
> specifically hugepage-shm.
> 
> This is because in __get_unmapped_area(), you check to see if the file has
> an f_ops->get_unampped_area() however ('wonderfully'...) the shm stuff
> wraps it, so this will be shm_get_unmapped_area() which then accesses the
> underlying hugetlb file and _unconditionally_ calls
> f_op->get_unmapped_area(), which you just made NULL and... kaboom :)
> 
> You can't even add null check in to this wrapper as at this point
> everything assumes that you _can_ get an unmapped area. So yeah, it's kinda
> broken.
> 
> This makes me think the whole thing is super-delicate and you probably need
> to rethink this approach carefully, or least _very carefully_ audit users
> of this operation.

Thanks for reporting this Lorenzo, highly appreciated.

I will check, but..

> By doing this you are causing an compilation error (at least on my compiler
> with an x86-64 defconfig-based build):
> 
> arch/x86/mm/hugetlbpage.c:84:1: error: no previous prototype for
> ‘hugetlb_get_unmapped_area’ [-Werror=missing-prototypes]
>    84 | hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
>       | ^~~~~~~~~~~~~~~~~~~~~~~~~

Something is off here.

git grep hugetlb_get_unmapped_area

returns nothing.
After this, arch/x86/mm/hugetlbpage.c should only contain:

  #ifdef CONFIG_X86_64
  bool __init arch_hugetlb_valid_size(unsigned long size)
  {
          if (size == PMD_SIZE)
                  return true;
          else if (size == PUD_SIZE && boot_cpu_has(X86_FEATURE_GBPAGES))
                  return true;
          else
                  return false;
  }
  
  #ifdef CONFIG_CONTIG_ALLOC
  static __init int gigantic_pages_init(void)
  {
          /* With compaction or CMA we can allocate gigantic pages at runtime */
          if (boot_cpu_has(X86_FEATURE_GBPAGES))
                  hugetlb_add_hstate(PUD_SHIFT - PAGE_SHIFT);
          return 0;
  }
  arch_initcall(gigantic_pages_init);
  #endif
  #endif

so what is going here?
Maybe the series was not properly applied to mm-unstable?

I will have a look.


-- 
Oscar Salvador
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ