| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8379d8cb-aec5-44f7-a5f0-2356b8aaaf00@redhat.com>
Date: Tue, 21 Oct 2025 14:08:44 +0200
From: David Hildenbrand <david@...hat.com>
To: Kiryl Shutsemau <kirill@...temov.name>,
Andrew Morton <akpm@...ux-foundation.org>, Hugh Dickins <hughd@...gle.com>,
Matthew Wilcox <willy@...radead.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>, Hugh Dickins <hughd@...gle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka
<vbabka@...e.cz>, Mike Rapoport <rppt@...nel.org>,
Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko <mhocko@...e.com>,
Rik van Riel <riel@...riel.com>, Harry Yoo <harry.yoo@...cle.com>,
Johannes Weiner <hannes@...xchg.org>, Shakeel Butt <shakeel.butt@...ux.dev>,
Baolin Wang <baolin.wang@...ux.alibaba.com>,
"Darrick J. Wong" <djwong@...nel.org>, linux-mm@...ck.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
Kiryl Shutsemau <kas@...nel.org>
Subject: Re: [PATCH 1/2] mm/memory: Do not populate page table entries beyond
i_size.
On 21.10.25 08:35, Kiryl Shutsemau wrote:
> From: Kiryl Shutsemau <kas@...nel.org>
Subject: I'd drop the trailing "."
>
> Accesses within VMA, but beyond i_size rounded up to PAGE_SIZE are
> supposed to generate SIGBUS.
>
> Recent changes attempted to fault in full folio where possible. They did
> not respect i_size, which led to populating PTEs beyond i_size and
> breaking SIGBUS semantics.
>
> Darrick reported generic/749 breakage because of this.
>
> However, the problem existed before the recent changes. With huge=always
> tmpfs, any write to a file leads to PMD-size allocation. Following the
> fault-in of the folio will install PMD mapping regardless of i_size.
Right, there are some legacy oddities with shmem in that area (e.g.,
"within_size" vs. "always" THP allocation control).
Let me CC Hugh: the behavior for shmem seems to date back to 2016.
>
> Fix filemap_map_pages() and finish_fault() to not install:
> - PTEs beyond i_size;
> - PMD mappings across i_size;
Makes sense to me.
[...]
> +++ b/mm/memory.c
> @@ -5480,6 +5480,7 @@ vm_fault_t finish_fault(struct vm_fault *vmf)
> int type, nr_pages;
> unsigned long addr;
> bool needs_fallback = false;
> + pgoff_t file_end = -1UL;
>
> fallback:
> addr = vmf->address;
> @@ -5501,8 +5502,14 @@ vm_fault_t finish_fault(struct vm_fault *vmf)
> return ret;
> }
>
> + if (vma->vm_file) {
> + struct inode *inode = vma->vm_file->f_mapping->host;
empty line pleae
> + file_end = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
> + }
> +
> if (pmd_none(*vmf->pmd)) {
> - if (folio_test_pmd_mappable(folio)) {
> + if (folio_test_pmd_mappable(folio) &&
> + file_end >= folio_next_index(folio)) {
> ret = do_set_pmd(vmf, folio, page);
> if (ret != VM_FAULT_FALLBACK)
> return ret;
> @@ -5533,7 +5540,8 @@ vm_fault_t finish_fault(struct vm_fault *vmf)
> if (unlikely(vma_off < idx ||
> vma_off + (nr_pages - idx) > vma_pages(vma) ||
> pte_off < idx ||
> - pte_off + (nr_pages - idx) > PTRS_PER_PTE)) {
> + pte_off + (nr_pages - idx) > PTRS_PER_PTE ||
While at it you could fix the double space before the ">".
> + file_end < folio_next_index(folio))) {
> nr_pages = 1;
> } else {
> /* Now we can set mappings for the whole large folio. */
Nothing else jumped at me.
--
Cheers
David / dhildenb
Powered by blists - more mailing lists