From: David Hildenbrand <david@redhat.com>
To: stable@vger.kernel.org
Cc: xingwei lee <xrivendell7@gmail.com>,
yue sun <samsun1006219@gmail.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Miklos Szeredi <mszeredi@redhat.com>,
Mike Rapoport <rppt@kernel.org>,
Lorenzo Stoakes <lstoakes@gmail.com>
Subject: Re: [PATCH 6.1.y] mm/secretmem: fix GUP-fast succeeding on secretmem folios
Date: Mon, 8 Apr 2024 12:39:51 +0200
Message-ID: <05c72609-06ed-43bd-94a1-e32788cf5654@redhat.com>
In-Reply-To: <20240408103410.81848-1-david@redhat.com>

On 08.04.24 12:34, David Hildenbrand wrote:
> folio_is_secretmem() currently relies on secretmem folios being LRU
> folios, to save some cycles.
>
> However, folios might reside in a folio batch without the LRU flag set, or
> temporarily have their LRU flag cleared. Consequently, the LRU flag is
> unreliable for this purpose.
>
> In particular, this is the case when secretmem_fault() allocates a fresh
> page and calls filemap_add_folio()->folio_add_lru(). The folio might be
> added to the per-cpu folio batch and won't get the LRU flag set until the
> batch was drained using e.g., lru_add_drain().
>
> Consequently, folio_is_secretmem() might not detect secretmem folios and
> GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel
> when we would later try reading/writing to the folio, because the folio
> has been unmapped from the directmap.
>
> Fix it by removing that unreliable check.
>
> Link: https://lkml.kernel.org/r/20240326143210.291116-2-david@redhat.com
> Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas")
> Signed-off-by: David Hildenbrand <david@redhat.com>
> Reported-by: xingwei lee <xrivendell7@gmail.com>
> Reported-by: yue sun <samsun1006219@gmail.com>
> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2rmz0HQ@mail.gmail.com/
> Debugged-by: Miklos Szeredi <miklos@szeredi.hu>
> Tested-by: Miklos Szeredi <mszeredi@redhat.com>
> Reviewed-by: Mike Rapoport (IBM) <rppt@kernel.org>
> Cc: Lorenzo Stoakes <lstoakes@gmail.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> (cherry picked from commit 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706)

Forgot to add when cherry-picking

Signed-off-by: David Hildenbrand <david@redhat.com>

--
Cheers,
David / dhildenb
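
The window described in the quoted commit message, as a simplified user-space model added here (not kernel code and not part of the original message). Every `model_` name, the struct layout and the batch size are assumptions made for illustration; only the ordering of "queued in a batch" versus "LRU flag set" is taken from the text.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: every name here is hypothetical, not kernel API. */
#define MODEL_BATCH_MAX 15 /* constructed batch size */
struct model_folio { bool lru; bool secretmem; };
struct model_batch { struct model_folio *slot[MODEL_BATCH_MAX]; size_t nr; };

/* Models lru_add_drain(): only now do the queued folios get the LRU flag. */
static void model_drain(struct model_batch *b)
{
    for (size_t i = 0; i < b->nr; i++)
        b->slot[i]->lru = true;
    b->nr = 0;
}

/* Models folio_add_lru(): the folio is queued and its LRU flag stays clear. */
static void model_add_lru(struct model_batch *b, struct model_folio *f)
{
    if (b->nr == MODEL_BATCH_MAX)
        model_drain(b);
    b->slot[b->nr++] = f;
}

/* Check before the fix: a clear LRU flag is taken to mean "not secretmem". */
static bool model_is_secretmem_old(const struct model_folio *f)
{
    return f->lru && f->secretmem;
}

/* Check after the fix: the LRU shortcut is gone. */
static bool model_is_secretmem_fixed(const struct model_folio *f)
{
    return f->secretmem;
}

/* Models the GUP-fast decision: true means the folio would be grabbed. */
static bool model_gup_fast_grabs(const struct model_folio *f, bool fixed)
{
    return !(fixed ? model_is_secretmem_fixed(f) : model_is_secretmem_old(f));
}

int main(void)
{
    struct model_batch b = { .nr = 0 };
    struct model_folio f = { .lru = false, .secretmem = true };
    model_add_lru(&b, &f); /* freshly faulted folio, batch not drained yet */
    printf("old grabs: %d, fixed grabs: %d\n", model_gup_fast_grabs(&f, false), model_gup_fast_grabs(&f, true));
    return 0;
}
```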