From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754121Ab1JLUm2 (ORCPT ); Wed, 12 Oct 2011 16:42:28 -0400 Received: from mail-qw0-f46.google.com ([209.85.216.46]:64458 "EHLO mail-qw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753842Ab1JLUm1 (ORCPT ); Wed, 12 Oct 2011 16:42:27 -0400 Date: Wed, 12 Oct 2011 13:42:24 -0700 From: Andrew Morton To: Andrea Arcangeli Cc: Hillf Danton , LKML , linux-mm@kvack.org Subject: Re: [PATCH] mm/huge_memory: Clean up typo when copying user highpage Message-Id: <20111012134224.786191ac.akpm@linux-foundation.org> In-Reply-To: <20111012175148.GA27460@redhat.com> References: <20111012175148.GA27460@redhat.com> X-Mailer: Sylpheed 3.0.2 (GTK+ 2.20.1; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 12 Oct 2011 19:51:48 +0200 Andrea Arcangeli wrote: > On Wed, Oct 12, 2011 at 10:39:36PM +0800, Hillf Danton wrote: > > Hi Andrea > > > > When copying user highpage, the PAGE_SHIFT in the third parameter is a typo, > > I think, and is replaced with PAGE_SIZE. > > That looks correct. I wonder how it was not noticed yet. Because it > can't go out of bound, it didn't risk to crash the kernel and it didn't > not risk to expose random data to the cowing task. So it shouldn't > have security implications as far as I can tell, but the app could > malfunction and crash (userland corruption only). Which architectures care about the copy_user_page() `vaddr' argument? mips, perhaps? I suspect the intersection between those architectures and archs-which-implement-hugepages is the empty set. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail6.bemta7.messagelabs.com (mail6.bemta7.messagelabs.com [216.82.255.55]) by kanga.kvack.org (Postfix) with ESMTP id 8D7A46B002C for ; Wed, 12 Oct 2011 16:42:28 -0400 (EDT) Received: by pzk4 with SMTP id 4so955570pzk.6 for ; Wed, 12 Oct 2011 13:42:25 -0700 (PDT) Date: Wed, 12 Oct 2011 13:42:24 -0700 From: Andrew Morton Subject: Re: [PATCH] mm/huge_memory: Clean up typo when copying user highpage Message-Id: <20111012134224.786191ac.akpm@linux-foundation.org> In-Reply-To: <20111012175148.GA27460@redhat.com> References: <20111012175148.GA27460@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: Andrea Arcangeli Cc: Hillf Danton , LKML , linux-mm@kvack.org On Wed, 12 Oct 2011 19:51:48 +0200 Andrea Arcangeli wrote: > On Wed, Oct 12, 2011 at 10:39:36PM +0800, Hillf Danton wrote: > > Hi Andrea > > > > When copying user highpage, the PAGE_SHIFT in the third parameter is a typo, > > I think, and is replaced with PAGE_SIZE. > > That looks correct. I wonder how it was not noticed yet. Because it > can't go out of bound, it didn't risk to crash the kernel and it didn't > not risk to expose random data to the cowing task. So it shouldn't > have security implications as far as I can tell, but the app could > malfunction and crash (userland corruption only). Which architectures care about the copy_user_page() `vaddr' argument? mips, perhaps? I suspect the intersection between those architectures and archs-which-implement-hugepages is the empty set. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: email@kvack.org