| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ef999493-cac0-68bb-2684-97da0fb8b583@huawei.com>
Date: Sat, 22 Feb 2025 15:19:24 +0800
From: Tong Tiangen <tongtiangen@...wei.com>
To: Oleg Nesterov <oleg@...hat.com>
CC: David Hildenbrand <david@...hat.com>, Andrew Morton
<akpm@...ux-foundation.org>, Peter Zijlstra <peterz@...radead.org>, Ingo
Molnar <mingo@...hat.com>, Arnaldo Carvalho de Melo <acme@...nel.org>,
Namhyung Kim <namhyung@...nel.org>, Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Jiri Olsa
<jolsa@...nel.org>, Peter Xu <peterx@...hat.com>, Ian Rogers
<irogers@...gle.com>, Adrian Hunter <adrian.hunter@...el.com>, "Liang, Kan"
<kan.liang@...ux.intel.com>, Masami Hiramatsu <mhiramat@...nel.org>,
<linux-perf-users@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linux-mm@...ck.org>, <linux-trace-kernel@...r.kernel.org>,
<bpf@...r.kernel.org>, <wangkefeng.wang@...wei.com>, Guohanjun
<guohanjun@...wei.com>
Subject: Re: [PATCH -next v2] uprobes: fix two zero old_folio bugs in
__replace_page()
在 2025/2/22 10:37, Tong Tiangen 写道:
>
>
> 在 2025/2/21 23:28, Oleg Nesterov 写道:
>> On 02/21, Tong Tiangen wrote:
>>>
>>> --- a/kernel/events/uprobes.c
>>> +++ b/kernel/events/uprobes.c
>>> @@ -506,6 +506,11 @@ int uprobe_write_opcode(struct arch_uprobe
>>> *auprobe, struct mm_struct *mm,
>>> if (ret <= 0)
>>> goto put_old;
>>>
>>> + if (is_zero_page(old_page)) {
>>> + ret = -EINVAL;
>>> + goto put_old;
>>> + }
>>
>> I agree with David, the subject looks a bit misleading.
>>
>> And. I won't insist, this is cosmetic, but if you send V2 please consider
>> moving the "verify_opcode()" check down, after the
>> is_zero_page/PageCompound
>> checks.
>>
>> Oleg.
>
> OK, check the validity of the old page first and modify the subject in
> v3 .
>
> Thanks.
I'm going to add a new patch to moving the "verify_opcode()" check down
, IIUC that "!PageAnon(old_page)" below also needs to be moved together,
and as David said this can be triggered by user space, so delete the use
of "WARN", as follows:
@@ -502,20 +502,16 @@ int uprobe_write_opcode(struct arch_uprobe
*auprobe, struct mm_struct *mm,
if (IS_ERR(old_page))
return PTR_ERR(old_page);
- ret = verify_opcode(old_page, vaddr, &opcode);
- if (ret <= 0)
+ ret = -EINVAL;
+ if (is_zero_page(old_page))
goto put_old;
- if (is_zero_page(old_page)) {
- ret = -EINVAL;
+ if (!is_register && (PageCompound(old_page) || !PageAnon(old_page)))
goto put_old;
- }
- if (WARN(!is_register && PageCompound(old_page),
- "uprobe unregister should never work on compound
page\n")) {
- ret = -EINVAL;
+ ret = verify_opcode(old_page, vaddr, &opcode);
+ if (ret <= 0)
goto put_old;
- }
/* We are going to replace instruction, update ref_ctr. */
if (!ref_ctr_updated && uprobe->ref_ctr_offset) {
@@ -526,10 +522,6 @@ int uprobe_write_opcode(struct arch_uprobe
*auprobe, struct mm_struct *mm,
ref_ctr_updated = 1;
}
- ret = 0;
- if (!is_register && !PageAnon(old_page))
- goto put_old;
-
ret = anon_vma_prepare(vma);
Thanks.
>
>>
>>
>> .
>
> .
Powered by blists - more mailing lists