Re: [PATCH 2/2] mm: Fix a huge pud insertion race during faulting

From: Kirill A. Shutemov
Date: Mon Nov 18 2019 - 05:22:21 EST

Next message: Ilie Halip: "Re: [PATCH V2] x86/boot: explicitly place .eh_frame after .rodata"
Previous message: patrick . rudolph: "[PATCH v3 3/3] firmware: google: Probe for a GSMI handler in firmware"
Next in thread: Thomas HellstrÃm (VMware): "Re: [PATCH 2/2] mm: Fix a huge pud insertion race during faulting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 15, 2019 at 11:58:00AM -0800, Andrew Morton wrote:
> On Fri, 15 Nov 2019 12:58:08 +0100 Thomas Hellström (VMware) <thomas_os@xxxxxxxxxxxx> wrote:
>
> > A huge pud page can theoretically be faulted in racing with pmd_alloc()
> > in __handle_mm_fault(). That will lead to pmd_alloc() returning an
> > invalid pmd pointer. Fix this by adding a pud_trans_unstable() function
> > similar to pmd_trans_unstable() and check whether the pud is really stable
> > before using the pmd pointer.
> >
> > Race:
> > Thread 1: Thread 2: Comment
> > create_huge_pud() Fallback - not taken.
> > create_huge_pud() Taken.
> > pmd_alloc() Returns an invalid pointer.
>
> What are the user-visible runtime effects of this change?

Data corruption: kernel writes to a huge page thing it's page table.

> Is a -stable backport warranted?

I believe it is.

Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

--
Kirill A. Shutemov

Next message: Ilie Halip: "Re: [PATCH V2] x86/boot: explicitly place .eh_frame after .rodata"
Previous message: patrick . rudolph: "[PATCH v3 3/3] firmware: google: Probe for a GSMI handler in firmware"
Next in thread: Thomas HellstrÃm (VMware): "Re: [PATCH 2/2] mm: Fix a huge pud insertion race during faulting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]