lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20250507155123.6ae8ee544182dc9cf1137a05@linux-foundation.org>
Date: Wed, 7 May 2025 15:51:23 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Florent Revest <revest@...omium.org>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
 linux-mm@...ck.org, catalin.marinas@....com, will@...nel.org,
 tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
 dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
 broonie@...nel.org, thiago.bauermann@...aro.org, jackmanb@...gle.com
Subject: Re: [PATCH v2 0/4] mm: Avoid sharing high VMA flag bits

On Wed,  7 May 2025 15:09:56 +0200 Florent Revest <revest@...omium.org> wrote:

> The first patch of this series is a straightforward attempt at fixing this
> specific bug by changing the bit used by VM_UFFD_MINOR. I cc-ed stable on that
> one and I expect it to not be all too controversial.
> 
> The rest of the series however is a more zealous refactoring and likely to be
> more contentious... :) Since this bug looks like a near miss which could have
> been quite severe in terms of security, I think it's worth trying to simplify
> the high VMA flag bits code. I tried to consolidate around the current usage of
> VM_HIGH_ARCH_* macros but I'm not sure if this is the preferred approach here. I
> really don't feel strongly about those refactorings so this is more of a
> platform for discussion for people with more mm background, I'll be more than
> happy to respin a v2!

It's best to avoid combining backportable bugfixes with regular
development patches, please.  These two categories differ a lot in
their timing and version-targeting.

I'll queue the [1/N] bugfix targeted at 6.15 and -stable, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ