lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <009fe1d5-9d98-45f1-89f0-04e2ee8f0ade@lucifer.local>
Date: Mon, 2 Jun 2025 12:55:29 +0100
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: David Hildenbrand <david@...hat.com>
Cc: Pu Lehui <pulehui@...weicloud.com>, mhiramat@...nel.org, oleg@...hat.com,
        peterz@...radead.org, akpm@...ux-foundation.org,
        Liam.Howlett@...cle.com, vbabka@...e.cz, jannh@...gle.com,
        pfalcato@...e.de, linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, pulehui@...wei.com
Subject: Re: [PATCH v1 1/4] mm: Fix uprobe pte be overwritten when expanding
 vma

On Fri, May 30, 2025 at 08:51:14PM +0200, David Hildenbrand wrote:
> >   	if (vp->remove) {
> > @@ -1823,6 +1829,14 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
> >   		faulted_in_anon_vma = false;
> >   	}
> > +	/*
> > +	 * If the VMA we are copying might contain a uprobe PTE, ensure
> > +	 * that we do not establish one upon merge. Otherwise, when mremap()
> > +	 * moves page tables, it will orphan the newly created PTE.
> > +	 */
> > +	if (vma->vm_file)
> > +		vmg.skip_vma_uprobe = true;
> > +
>
> Assuming we extend the VMA on the way (not merge), would we handle that
> properly?
>
> Or is that not possible on this code path or already broken either way?

I'm not sure in what context you mean expand, vma_merge_new_range() calls
vma_expand() so we call an expand a merge here, and this flag will be
obeyed.

vma_merge_new_range() -> vma_expand() -> commit_merge() -> vma_complete()
will ensure expected behaviour.

>
> --
> Cheers,
>
> David / dhildenb
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ