| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000d01dc38e2$86ab7460$94025d20$@linux.alibaba.com> Date: Thu, 9 Oct 2025 14:04:08 +0800 From: <yadong.qi@...ux.alibaba.com> To: "'Andrew Morton'" <akpm@...ux-foundation.org> Cc: <urezki@...il.com>, <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>, <ying.huang@...ux.alibaba.com> Subject: RE: [PATCH] mm: vmalloc: BUG_ON if mapping size is not PAGE_SIZE aligned > -----Original Message----- > From: Andrew Morton <akpm@...ux-foundation.org> > Sent: 2025年10月9日 12:17 > To: Yadong Qi <yadong.qi@...ux.alibaba.com> > Cc: urezki@...il.com; linux-mm@...ck.org; linux-kernel@...r.kernel.org; > ying.huang@...ux.alibaba.com > Subject: Re: [PATCH] mm: vmalloc: BUG_ON if mapping size is not PAGE_SIZE > aligned > > On Thu, 9 Oct 2025 11:59:43 +0800 Yadong Qi <yadong.qi@...ux.alibaba.com> > wrote: > > > In mm/vmalloc.c, the function vmap_pte_range() assumes that the > > mapping size is aligned to PAGE_SIZE. If this assumption is > > violated, the loop will become infinite because the termination > > condition (`addr != end`) will never be met. This can lead to > > overwriting other VA ranges and/or random pages physically follow > > the page table. > > > > It's the caller's responsibility to ensure that the mapping size > > is aligned to PAGE_SIZE. However, the memory corruption is hard > > to root cause. To identify the programming error in the caller > > easier, check whether the mapping size is PAGE_SIZE aligned with > > BUG_ON(). > > > > .. > > > > --- a/mm/vmalloc.c > > +++ b/mm/vmalloc.c > > @@ -100,6 +100,8 @@ static int vmap_pte_range(pmd_t *pmd, unsigned long > addr, unsigned long end, > > struct page *page; > > unsigned long size = PAGE_SIZE; > > > > + BUG_ON(!PAGE_ALIGNED(end - addr)); > > + > > pfn = phys_addr >> PAGE_SHIFT; > > pte = pte_alloc_kernel_track(pmd, addr, mask); > > if (!pte) > > We try to avoid adding BUG()s - deliberately crashing the kernel is > pretty cruel to the user. It's far better to WARN and to continue in > some fashion so the user can at least gather logs, etc. > > How about > > if (WARN_ON(!PAGE_ALIGNED(end - addr))) > return -ENOMEM; > > ? > > (Or VM_WARN_ON) Sure, I will send a new patch with WARN_ON. Best Regard Yadong
Powered by blists - more mailing lists