| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <98b1bbc5-7579-45b1-91b5-1a9f76ef7900@lucifer.local>
Date: Tue, 10 Dec 2024 10:17:59 +0000
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: Suren Baghdasaryan <surenb@...gle.com>
Cc: akpm@...ux-foundation.org, oliver.sang@...el.com, klarasmodin@...il.com,
willy@...radead.org, liam.howlett@...cle.com, mhocko@...e.com,
vbabka@...e.cz, hannes@...xchg.org, mjguzik@...il.com,
mgorman@...hsingularity.net, david@...hat.com, peterx@...hat.com,
oleg@...hat.com, dave@...olabs.net, paulmck@...nel.org,
brauner@...nel.org, dhowells@...hat.com, hdanton@...a.com,
hughd@...gle.com, minchan@...gle.com, jannh@...gle.com,
shakeel.butt@...ux.dev, souravpanda@...gle.com,
pasha.tatashin@...een.com, corbet@....net, linux-doc@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
kernel-team@...roid.com
Subject: Re: [PATCH 1/1] mm: fix vma_copy for !CONFIG_PER_VMA_LOCK
On Mon, Dec 09, 2024 at 02:10:28PM -0800, Suren Baghdasaryan wrote:
> vma_copy() function for !CONFIG_PER_VMA_LOCK configuration copies all
> fields using memcpy() as opposed to CONFIG_PER_VMA_LOCK version which
> copies only required fields. anon_vma_chain field should not be copied
> and new vma should instead initialize it to an empty list. Fix this
> by initializing anon_vma_chain inside vma_copy() function. The version
> of vma_copy() for CONFIG_PER_VMA_LOCK is fine since it does not change
> that field and anon_vma_chain of any new vma is already initialized and
> empty.
Yeah ouch, good spot though.
This anon_vma stuff is landmine after landmine...
>
> Fixes: 85ad413389ae ("mm: make vma cache SLAB_TYPESAFE_BY_RCU")
> Reported-by: kernel test robot <oliver.sang@...el.com>
> Closes: https://lore.kernel.org/oe-lkp/202412082208.db1fb2c9-lkp@intel.com
> Reported-by: Klara Modin <klarasmodin@...il.com>
> Closes: https://lore.kernel.org/all/d0ae7609-aca4-4497-9188-bb09e96e7768@gmail.com/
> Signed-off-by: Suren Baghdasaryan <surenb@...gle.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
> ---
> Applies over mm-unstable
>
> kernel/fork.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/kernel/fork.c b/kernel/fork.c
> index fec32aa06135..d532f893e977 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
Unrelated to patch but it _really_ truly sucks to have this in
kernel/fork.c. Maybe unavoidable given we put a bunch of this kind of logic
there, but would be good to change this at some point...
> @@ -524,6 +524,7 @@ static void vma_copy(const struct vm_area_struct *src, struct vm_area_struct *de
> * will be reinitialized.
> */
> data_race(memcpy(dest, src, sizeof(*dest)));
> + INIT_LIST_HEAD(&dest->anon_vma_chain);
Nit, but might be worth a comment here. Though I suppose it's kind of implicit.
> }
>
> #endif /* CONFIG_PER_VMA_LOCK */
>
> base-commit: 6e165f54437931f329d09dca6c19d99af08a36e1
> --
> 2.47.0.338.g60cca15819-goog
>
Powered by blists - more mailing lists