| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4e098a16-1213-44d1-9585-88f9041fff57@redhat.com> Date: Wed, 16 Jul 2025 15:37:19 +0200 From: David Hildenbrand <david@...hat.com> To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, Andrew Morton <akpm@...ux-foundation.org> Cc: "Liam R . Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, Jann Horn <jannh@...gle.com>, Pedro Falcato <pfalcato@...e.de>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Jeff Xu <jeffxu@...omium.org> Subject: Re: [PATCH v2 2/5] mm/mseal: update madvise() logic On 15.07.25 15:37, Lorenzo Stoakes wrote: > The madvise() logic is inexplicably performed in mm/mseal.c - this ought to > be located in mm/madvise.c. > > Additionally can_modify_vma_madv() is inconsistently named and, in > combination with is_ro_anon(), is very confusing logic. > > Put a static function in mm/madvise.c instead - can_madvise_modify() - that > spells out exactly what's happening. Also explicitly check for an anon VMA. > > Also add commentary to explain what's going on. > > Essentially - we disallow discarding of data in mseal()'d mappings in > instances where the user couldn't otherwise write to that data. > > Shared mappings are always backed, so no discard will actually truly > discard the data. Read-only anonymous and MAP_PRIVATE file-backed mappings > are the ones we are interested in. > > We make a change to the logic here to correct a mistake - we must disallow > discard of read-only MAP_PRIVATE file-backed mappings, which previously we > were not. > > The justification for this change is to account for the case where: > > 1. A MAP_PRIVATE R/W file-backed mapping is established. > 2. The mapping is written to, which backs it with anonymous memory. > 3. The mapping is mprotect()'d read-only. > 4. The mapping is mseal()'d. > > If we were to now allow discard of this data, it would mean mseal() would > not prevent the unrecoverable discarding of data and it was thus violate > the semantics of sealed VMAs. > > Finally, update the mseal tests, which were asserting previously that a > read-only MAP_PRIVATE file-backed mapping could be discarded. > > Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@...cle.com> > Reviewed-by: Liam R. Howlett <Liam.Howlett@...cle.com> > Reviewed-by: Pedro Falcato <pfalcato@...e.de> > --- Acked-by: David Hildenbrand <david@...hat.com> -- Cheers, David / dhildenb
Powered by blists - more mailing lists