| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <009fe1d5-9d98-45f1-89f0-04e2ee8f0ade@lucifer.local>
Date: Mon, 2 Jun 2025 12:55:29 +0100
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: David Hildenbrand <david@...hat.com>
Cc: Pu Lehui <pulehui@...weicloud.com>, mhiramat@...nel.org, oleg@...hat.com,
peterz@...radead.org, akpm@...ux-foundation.org,
Liam.Howlett@...cle.com, vbabka@...e.cz, jannh@...gle.com,
pfalcato@...e.de, linux-mm@...ck.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, pulehui@...wei.com
Subject: Re: [PATCH v1 1/4] mm: Fix uprobe pte be overwritten when expanding
vma
On Fri, May 30, 2025 at 08:51:14PM +0200, David Hildenbrand wrote:
> > if (vp->remove) {
> > @@ -1823,6 +1829,14 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
> > faulted_in_anon_vma = false;
> > }
> > + /*
> > + * If the VMA we are copying might contain a uprobe PTE, ensure
> > + * that we do not establish one upon merge. Otherwise, when mremap()
> > + * moves page tables, it will orphan the newly created PTE.
> > + */
> > + if (vma->vm_file)
> > + vmg.skip_vma_uprobe = true;
> > +
>
> Assuming we extend the VMA on the way (not merge), would we handle that
> properly?
>
> Or is that not possible on this code path or already broken either way?
I'm not sure in what context you mean expand, vma_merge_new_range() calls
vma_expand() so we call an expand a merge here, and this flag will be
obeyed.
vma_merge_new_range() -> vma_expand() -> commit_merge() -> vma_complete()
will ensure expected behaviour.
>
> --
> Cheers,
>
> David / dhildenb
>
Powered by blists - more mailing lists