| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <81fc5322-6ab4-4830-9b2e-15d834b461c2@redhat.com> Date: Mon, 20 Oct 2025 19:14:38 +0200 From: David Hildenbrand <david@...hat.com> To: Lance Yang <lance.yang@...ux.dev>, akpm@...ux-foundation.org, lorenzo.stoakes@...cle.com Cc: ziy@...dia.com, baolin.wang@...ux.alibaba.com, Liam.Howlett@...cle.com, npache@...hat.com, ryan.roberts@....com, dev.jain@....com, baohua@...nel.org, ioworker0@...il.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org, Wei Yang <richard.weiyang@...il.com> Subject: Re: [PATCH mm-new v3 1/1] mm/khugepaged: guard is_zero_pfn() calls with pte_present() On 20.10.25 17:11, Lance Yang wrote: > From: Lance Yang <lance.yang@...ux.dev> > > A non-present entry, like a swap PTE, contains completely different data > (swap type and offset). pte_pfn() doesn't know this, so if we feed it a > non-present entry, it will spit out a junk PFN. > > What if that junk PFN happens to match the zeropage's PFN by sheer > chance? While really unlikely, this would be really bad if it did. > > So, let's fix this potential bug by ensuring all calls to is_zero_pfn() > in khugepaged.c are properly guarded by a pte_present() check. > > Suggested-by: Lorenzo Stoakes <lorenzo.stoakes@...cle.com> > Reviewed-by: Nico Pache <npache@...hat.com> > Reviewed-by: Dev Jain <dev.jain@....com> > Reviewed-by: Baolin Wang <baolin.wang@...ux.alibaba.com> > Reviewed-by: Wei Yang <richard.weiyang@...il.com> > Signed-off-by: Lance Yang <lance.yang@...ux.dev> > --- Works for me! Acked-by: David Hildenbrand <david@...hat.com> -- Cheers David / dhildenb
Powered by blists - more mailing lists