Message-ID: <e86e2aa5-c66c-41a9-a56d-74451df0d105@arm.com>
Date: Wed, 17 Sep 2025 17:28:02 +0100
From: Ryan Roberts <ryan.roberts@....com>
To: Yang Shi <yang@...amperecomputing.com>, Dev Jain <dev.jain@....com>,
 Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>,
 Andrew Morton <akpm@...ux-foundation.org>,
 David Hildenbrand <david@...hat.com>,
 Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
 Ard Biesheuvel <ardb@...nel.org>, scott@...amperecomputing.com, cl@...two.org
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
 linux-mm@...ck.org
Subject: Re: [PATCH v7 0/6] arm64: support FEAT_BBM level 2 and large block
 mapping when rodata=full

Hi Yang,

Sorry for the slow reply; I'm just getting back to this...

On 11/09/2025 23:03, Yang Shi wrote:
> Hi Ryan & Catalin,
> 
> Any more concerns about this? 

I've been trying to convince myself of your assertion that all users that set
VM_FLUSH_RESET_PERMS also call set_memory_*() for the entire range that was
returned by vmalloc. I agree that if that is the contract and everyone is
following it, then there is no problem here.

But I haven't been able to convince myself...

Some examples (these might intersect with examples you previously raised):

1. bpf_dispatcher_change_prog() -> bpf_jit_alloc_exec() -> execmem_alloc() ->
sets VM_FLUSH_RESET_PERMS. But I don't see it calling set_memory_*() for rw_image.

2. module_memory_alloc() -> execmem_alloc_rw() -> execmem_alloc() -> sets
VM_FLUSH_RESET_PERMS (note that execmem_force_rw() is nop for arm64).
set_memory_*() is not called until much later on in module_set_memory(). Another
error in the meantime could cause the memory to be vfreed before that point.

3. When set_vm_flush_reset_perms() is set for the range, it is called before
set_memory_*() which might then fail to split prior to vfree.

But I guess as long as set_memory_*() is never successfully called for a
*sub-range* of the vmalloc'ed region, then for all of the above issues, the
memory must still be RW at vfree-time, so this issue should be benign... I think?

In summary this all looks horribly fragile. But I *think* it works. It would be
good to clean it all up and have some clearly documented rules regardless. But I
think that could be a follow up series.

> Shall we move forward with v8? 

Yes; do you want me to post that or would you prefer to do it? I'm happy to do
it; there are a few other tidy-ups in pageattr.c I want to make which I spotted.

> We can include the
> fix to kprobes in v8 or I can send it separately, either is fine to me.

Post it on list, and I'll also incorporate into the series.

> Hopefully we can make v6.18.

It's probably getting a bit late now. Anyway, I'll aim to get v8 out tomorrow or
Friday and we will see what Will thinks.

Thanks,
Ryan

> 
> Thanks,
> Yang
> 
