| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0b8617c1-a150-426f-8fa6-9ab3b5bcfa1e@redhat.com> Date: Tue, 15 Jul 2025 11:52:49 +0200 From: David Hildenbrand <david@...hat.com> To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, Vlastimil Babka <vbabka@...e.cz> Cc: Suren Baghdasaryan <surenb@...gle.com>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, akpm@...ux-foundation.org, peterx@...hat.com, jannh@...gle.com, hannes@...xchg.org, mhocko@...nel.org, paulmck@...nel.org, shuah@...nel.org, adobriyan@...il.com, brauner@...nel.org, josef@...icpanda.com, yebin10@...wei.com, linux@...ssschuh.net, willy@...radead.org, osalvador@...e.de, andrii@...nel.org, ryan.roberts@....com, christophe.leroy@...roup.eu, tjmercier@...gle.com, kaleshsingh@...gle.com, aha310510@...il.com, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, linux-kselftest@...r.kernel.org Subject: Re: [PATCH v6 7/8] fs/proc/task_mmu: read proc/pid/maps under per-vma lock On 15.07.25 11:40, Lorenzo Stoakes wrote: > On Tue, Jul 15, 2025 at 10:16:41AM +0200, Vlastimil Babka wrote: >>> Andrew, could you please remove this patchset from mm-unstable for now >>> until I fix the issue and re-post the new version? >> >> Andrew can you do that please? We keep getting new syzbot reports. > > I also pinged up top :P just to be extra specially clear... > >> >>> The error I got after these fixes is: >> >> I suspect the root cause is the ioctls are not serialized against each other >> (probably not even against read()) and yet we treat m->private as safe to >> work on. Now we have various fields that are dangerous to race on - for >> example locked_vma and iter races would explain a lot of this. >> >> I suspect as long as we used purely seq_file workflow, it did the right >> thing for us wrt serialization, but the ioctl addition violates that. We >> should rather recheck even the code before this series, if dangerous ioctl >> vs read() races are possible. And the ioctl implementation should be >> refactored to use an own per-ioctl-call private context, not the seq_file's >> per-file-open context. > > Entirely agree with this analysis. I had a look at most recent report, see: > > https://lore.kernel.org/linux-mm/f13cda37-06a0-4281-87d1-042678a38a6b@lucifer.local/ > > AFAICT we either have to lock around the ioctl or find a new way of storing > per-ioctl state. > > We'd probably need to separate out the procmap query stuff to do that > though. Probably. When I skimmed that series the first time, I was wondering "why are we even caring about PROCMAP_QUERY that in the context of this patch series". Maybe that helps :) -- Cheers, David / dhildenb
Powered by blists - more mailing lists