| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1b7e682e-86a4-4573-b423-65f9755f71ea@arm.com>
Date: Thu, 11 Dec 2025 09:43:58 +0000
From: Ryan Roberts <ryan.roberts@....com>
To: Samuel Holland <samuel.holland@...ive.com>,
Andrew Morton <akpm@...ux-foundation.org>,
"Liam R . Howlett" <Liam.Howlett@...cle.com>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
David Hildenbrand <david@...nel.org>, Vlastimil Babka <vbabka@...e.cz>,
Jann Horn <jannh@...gle.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Anshuman Khandual <anshuman.khandual@....com>, Gavin Shan
<gshan@...hat.com>, Zi Yan <ziy@...dia.com>
Subject: Re: [PATCH 2/2] mm/madvise: Use set_pte() to write page tables
On 11/12/2025 08:11, Samuel Holland wrote:
> Generic code must always use the architecture-provided helper function
> to write page tables.
>
> Fixes: 662df3e5c376 ("mm: madvise: implement lightweight guard page mechanism")
> Signed-off-by: Samuel Holland <samuel.holland@...ive.com>
> ---
>
> mm/madvise.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/madvise.c b/mm/madvise.c
> index b617b1be0f535..4da9c32f8738a 100644
> --- a/mm/madvise.c
> +++ b/mm/madvise.c
> @@ -1114,7 +1114,7 @@ static int guard_install_set_pte(unsigned long addr, unsigned long next,
> unsigned long *nr_pages = (unsigned long *)walk->private;
>
> /* Simply install a PTE marker, this causes segfault on access. */
> - *ptep = make_pte_marker(PTE_MARKER_GUARD);
> + set_pte(ptep, make_pte_marker(PTE_MARKER_GUARD));
No! As I explained in my response on the other thread (which you linked in the
cover letter), it is correct as is and should not be changed to set_pte().
Copy/pasting my explanation:
| I tried "fixing" this before. But it's correct as is. ptep is pointing to a
| value on the stack. See [2].
|
| https://lore.kernel.org/linux-mm/2308a4d0-273e-4cf8-9c9f-3008c42b6d18@arm.com/
If you go look at where this function is called from, you'll see that it's a
pointer to a stack variable:
---8<---
static int walk_pte_range_inner(pte_t *pte, unsigned long addr,
unsigned long end, struct mm_walk *walk)
{
const struct mm_walk_ops *ops = walk->ops;
int err = 0;
for (;;) {
if (ops->install_pte && pte_none(ptep_get(pte))) {
pte_t new_pte;
err = ops->install_pte(addr, addr + PAGE_SIZE, &new_pte,
walk);
---8<---
I agree that it's extremely confusing. Perhaps, at a minimum, we should come up
with some kind of naming convention for this and update this and the other
couple of places that pass pointers to stack-based pXX_t around?
e.g. instead of calling it "ptep", call it "ptevalp" or something like that?
Thanks,
Ryan
> (*nr_pages)++;
>
> return 0;
Powered by blists - more mailing lists