| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c9e45248-089e-4041-8f7e-98203a0831cf@redhat.com> Date: Tue, 17 Dec 2024 12:55:32 +0100 From: David Hildenbrand <david@...hat.com> To: jane.chu@...cle.com, Liu Shixin <liushixin2@...wei.com>, Andrew Morton <akpm@...ux-foundation.org>, Muchun Song <muchun.song@...ux.dev>, Kenneth W Chen <kenneth.w.chen@...el.com>, Kefeng Wang <wangkefeng.wang@...wei.com>, Nanyong Sun <sunnanyong@...wei.com> Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] mm: hugetlb: independent PMD page table shared count On 16.12.24 19:33, jane.chu@...cle.com wrote: > On 12/14/2024 2:44 AM, Liu Shixin wrote: > >> The folio refcount may be increased unexpectly through try_get_folio() by >> caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount to >> check whether a pmd page table is shared. The check is incorrect if the >> refcount is increased by the above caller, and this can cause the page >> table leaked: > > hugetlb and THP don't overlap, right? how does split_huge_pages() end > up messing up huge_pmd_share() ? > > Am I missing something? > If first grabs a reference to then check if it's a THP. So we can end up grabbing anything temporarily. In general, we'll have to be smarter about what we try grabbing, but handling races for now is tricky. -- Cheers, David / dhildenb
Powered by blists - more mailing lists