lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <61d451f7-a54a-4c27-afab-9ae684b4bc6b@suse.cz>
Date: Fri, 14 Nov 2025 17:51:20 +0100
From: Vlastimil Babka <vbabka@...e.cz>
To: Christoph Hellwig <hch@....de>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
 Christoph Lameter <cl@...two.org>, David Rientjes <rientjes@...gle.com>,
 Roman Gushchin <roman.gushchin@...ux.dev>, Harry Yoo <harry.yoo@...cle.com>,
 Jens Axboe <axboe@...nel.dk>, linux-block@...r.kernel.org,
 linux-mm@...ck.org, linux-kernel@...r.kernel.org,
 kernel test robot <oliver.sang@...el.com>
Subject: Re: [PATCH] mm/mempool: fix poisoning order>0 pages with HIGHMEM

On 11/14/25 06:04, Christoph Hellwig wrote:
> On Thu, Nov 13, 2025 at 07:54:35PM +0100, Vlastimil Babka wrote:
>> Christoph found out this is due to the poisoning code not dealing
>> properly with CONFIG_HIGHMEM because only the first page is mapped but
>> then the whole potentially high-order page is accessed.
>> 
>> This went unnoticed for years probably because nobody has yet used a
>> mempool for order>0 pages before the new block code in -next.
> 
> I did a quick audit: and bcache, dm-integrity (config dependent) and the
> KASAN unit tests create page based mempools with order > 0.  It looks
> like none of those ever got much testing on highmem systems.

Thanks,

KASAN unit tests sounds like something that would have been flagged by
automated testing long ago, however the mempool-specific poisoning isn't
compatible with it so poison_element() and check_element() both return
immediately with kasan_enabled().

bcache and dm-integrity are perhaps too complex setups for the test robots.
But I'll add cc: stable then.

> The fix looks good:
> 
> Reviewed-by: Christoph Hellwig <hch@....de>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ