Message-ID: <CABQgh9ErFGWke8M8oF8eUcgXDfObY613Sb_KeC1R2h_NqXi2hQ@mail.gmail.com>
Date: Mon, 10 Nov 2025 15:27:13 +0800
From: Zhangfei Gao <zhangfei.gao@...aro.org>
To: Chenghai Huang <huangchenghai2@...wei.com>
Cc: gregkh@...uxfoundation.org, wangzhou1@...ilicon.com,
linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
fanghao11@...wei.com, shenyang39@...wei.com, liulongfang@...wei.com,
qianweili@...wei.com, linwenkai6@...ilicon.com
Subject: Re: [PATCH v4 3/4] uacce: implement mremap in uacce_vm_ops to return -EPERM
On Wed, 22 Oct 2025 at 10:11, Chenghai Huang <huangchenghai2@...wei.com> wrote:
>
> From: Yang Shen <shenyang39@...wei.com>
>
> The current uacce_vm_ops does not support the mremap operation of
> vm_operations_struct. Implement .mremap to return -EPERM to remind
> users.
>
> The reason we need to explicitly disable mremap is that when the
> driver does not implement .mremap, it uses the default mremap
> method. This could lead to a risk scenario:
>
> An application might first mmap address p1, then mremap to p2,
> followed by munmap(p1), and finally munmap(p2). Since the default
> mremap copies the original vma's vm_private_data (i.e., q) to the
> new vma, both munmap operations would trigger vma_close, causing
> q->qfr to be freed twice (qfr will be set to null here, so repeated
> release is ok).
>
> Fixes: 015d239ac014 ("uacce: add uacce driver")
> Cc: stable@...r.kernel.org
> Signed-off-by: Yang Shen <shenyang39@...wei.com>
> Signed-off-by: Chenghai Huang <huangchenghai2@...wei.com>
Acked-by: Zhangfei Gao <zhangfei.gao@...aro.org>
Thanks
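
The sequence in the quoted commit message, as an added user-space model (not code from the patch or from the uacce driver). Every struct and function name below is hypothetical, and the model follows the commit message's description rather than the kernel's actual mremap path.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model; hypothetical names, not uacce or kernel code. */
struct queue { void *qfr; int close_calls; };
struct vma;
struct vm_ops {
    int (*mremap)(struct vma *v);   /* NULL: default behaviour applies */
    void (*close)(struct vma *v);
};
struct vma { void *vm_private_data; const struct vm_ops *ops; };

/* close handler: releases q->qfr and clears it, so a second call is harmless */
static void model_close(struct vma *v)
{
    struct queue *q = v->vm_private_data;
    q->close_calls++;
    free(q->qfr);                   /* free(NULL) does nothing */
    q->qfr = NULL;
}

/* the hook named in the patch subject: refuse the operation */
static int model_mremap_eperm(struct vma *v) { (void)v; return -EPERM; }

/* default per the commit message: the new vma inherits vm_private_data */
static int model_mremap(struct vma *old, struct vma *dst)
{
    int ret = old->ops->mremap ? old->ops->mremap(old) : 0;
    if (ret)
        return ret;
    *dst = *old;
    return 0;
}

const struct vm_ops default_ops = { .mremap = NULL, .close = model_close };
const struct vm_ops patched_ops = { .mremap = model_mremap_eperm, .close = model_close };

/* mmap(p1), mremap to p2, munmap(p1), munmap(p2); returns close calls seen by q */
int run_sequence(const struct vm_ops *ops)
{
    struct queue q = { .qfr = malloc(64), .close_calls = 0 };
    struct vma p1 = { .vm_private_data = &q, .ops = ops }, p2 = { 0 };
    int moved = model_mremap(&p1, &p2) == 0;
    p1.ops->close(&p1);             /* munmap(p1) */
    if (moved)
        p2.ops->close(&p2);         /* munmap(p2): same q a second time */
    return q.close_calls;
}

int main(void) { printf("%d %d\n", run_sequence(&default_ops), run_sequence(&patched_ops)); return 0; }
```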