| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <79ec5aa9-1937-436e-8cf4-436746142f7b@redhat.com>
Date: Tue, 11 Mar 2025 10:54:40 +0100
From: David Hildenbrand <david@...hat.com>
To: Oleg Nesterov <oleg@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
linux-arm-kernel@...ts.infradead.org, linux-trace-kernel@...r.kernel.org,
linux-perf-users@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>,
Matthew Wilcox <willy@...radead.org>, Russell King <linux@...linux.org.uk>,
Masami Hiramatsu <mhiramat@...nel.org>, Peter Zijlstra
<peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Namhyung Kim <namhyung@...nel.org>, Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>,
Adrian Hunter <adrian.hunter@...el.com>,
"Liang, Kan" <kan.liang@...ux.intel.com>,
Tong Tiangen <tongtiangen@...wei.com>
Subject: Re: [PATCH -next v1 3/3] kernel/events/uprobes: uprobe_write_opcode()
rewrite
On 10.03.25 18:03, Oleg Nesterov wrote:
> On 03/04, David Hildenbrand wrote:
>>
>> uprobe_write_opcode() does some pretty low-level things that really, it
>> shouldn't be doing:
>
> Agreed. Thanks again for doing this.
>
> David, as I said, I can't review. I don't understand this mm/folio magic
> with or without your changes.
>
No worries! Thanks for taking a look!
> However. With your changes the code looks "better" and more understandable
> to me. So I'd vote for your patches even if I can't ack them.
>
> But I'd like to ask some stupid (no, really) questions.
> __uprobe_write_opcode() does:
>
> /* We're done if we don't find an anonymous folio when unregistering. */
> if (!folio_test_anon(folio))
> return is_register ? -EFAULT : 0;
>
> Yes, but we do not expect !folio_test_anon() if register == true, right?
> See also below.>
> /* Verify that the page content is still as expected. */
> if (verify_opcode(fw->page, opcode_vaddr, &opcode) <= 0) {
> set_pte_at(vma->vm_mm, vaddr, fw->ptep, fw->pte);
> return -EAGAIN;
> }
>
> The caller, uprobe_write_opcode(), has already called verify_opcode(),
> why do we need to re-check?
Regarding both questions, the code is fairly racy. Nothing would stop
user space from (a) modifying that memory (b) zapping the anon page
using MADV_DONTNEED (if we don't hold the mmap lock in write mode).
Regarding the latter, uprobe_write_opcode() is documented to: "Called
with mm->mmap_lock held for read or write.".
Note that both checks are fairly cheap.
>
> But whatever reason we have. Can we change uprobe_write_opcode() to
> "delay" put_page() and instead of
I was debating with myself whether we should do that and went back and
forth a couple of times.
>
> /* Walk the page tables again, to perform the actual update. */
> folio = folio_walk_start(&fw, vma, vaddr, 0);
> if (folio) {
> ret = __uprobe_write_opcode(vma, &fw, folio, opcode_vaddr,
> opcode);
> folio_walk_end(&fw, vma);
> } else {
> ret = -EAGAIN;
> }
>
> do something like
>
> /* Walk the page tables again, to perform the actual update. */
> ret = -EAGAIN;
> folio = folio_walk_start(&fw, vma, vaddr, 0);
> if (folio) {
> if (fw.page == page) {
> WARN_ON(is_register && !folio_test_anon(folio));
Yes, that would work (we could leave the WARN_ON in
__uprobe_write_opcode), but I am not sure if the end result is better
better. No strong opinion on the details though.
> ret = __uprobe_write_opcode(vma, &fw, folio, opcode_vaddr,
> opcode);
> }
> folio_walk_end(&fw, vma);
> }
>
> ?
>
> Once again, I am not trying to review. I am trying to understand the
> basics of your code.
Any feedback is welcome, thanks!
--
Cheers,
David / dhildenb
Powered by blists - more mailing lists