| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d288fc83-a1ee-4409-a457-83bc21356306@linux.dev> Date: Thu, 16 Oct 2025 18:51:02 +0800 From: Lance Yang <lance.yang@...ux.dev> To: Wei Yang <richard.weiyang@...il.com> Cc: akpm@...ux-foundation.org, david@...hat.com, lorenzo.stoakes@...cle.com, ziy@...dia.com, baolin.wang@...ux.alibaba.com, Liam.Howlett@...cle.com, npache@...hat.com, ryan.roberts@....com, dev.jain@....com, baohua@...nel.org, ioworker0@...il.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH mm-new 1/1] mm/khugepaged: guard is_zero_pfn() calls with pte_present() On 2025/10/16 17:33, Wei Yang wrote: > On Thu, Oct 16, 2025 at 11:36:43AM +0800, Lance Yang wrote: >> From: Lance Yang <lance.yang@...ux.dev> >> >> A non-present entry, like a swap PTE, contains completely different data >> (swap type and offset). pte_pfn() doesn't know this, so if we feed it a >> non-present entry, it will spit out a junk PFN. >> >> What if that junk PFN happens to match the zeropage's PFN by sheer >> chance? While really unlikely, this would be really bad if it did. >> >> So, let's fix this potential bug by ensuring all calls to is_zero_pfn() >> in khugepaged.c are properly guarded by a pte_present() check. >> > > Does it more like to guard pte_pfn() with pte_present()? Exactly! My thinking was that by guarding pte_pfn(), we're ultimately protecting is_zero_pfn() from acting on a junk PFN. So we're on the same page — I just described the end goal ;p Thanks!
Powered by blists - more mailing lists