From: Andrea Arcangeli <aarcange@redhat.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>,
	Dmitry Vyukov <dvyukov@google.com>,
	syzbot 
	<bot+6a5269ce759a7bb12754ed9622076dc93f65a1f6@syzkaller.appspotmail.com>,
	Jan Beulich <JBeulich@suse.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	ldufour@linux.vnet.ibm.com, LKML <linux-kernel@vger.kernel.org>,
	Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	syzkaller-bugs@googlegroups.com,
	Thomas Gleixner <tglx@linutronix.de>,
	the arch/x86 maintainers <x86@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Michal Hocko <mhocko@suse.com>, Hugh Dickins <hughd@google.com>,
	David Rientjes <rientjes@google.com>,
	linux-mm@kvack.org,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Thorsten Leemhuis <regressions@leemhuis.info>
Subject: Re: KASAN: use-after-free Read in __do_page_fault
Date: Wed, 1 Nov 2017 11:17:44 +0100
Message-ID: <20171101101744.GA1846@redhat.com>
In-Reply-To: <94aa563c-14da-7892-51a0-e1799cdad050@suse.cz>

On Wed, Nov 01, 2017 at 08:42:57AM +0100, Vlastimil Babka wrote:
> The vma should be pinned by mmap_sem, but handle_userfault() will in some
> scenarios release it and then acquire again, so when we return to

In the above message, and especially in the below comment, I would
suggest taking the opportunity to document the specific scenario more
accurately instead of "some scenario", which is only "A return to
userland to repeat the page fault later with a VM_FAULT_NOPAGE retval
(potentially after handling any pending signal during the return to
userland). The return to userland is identified whenever
FAULT_FLAG_USER|FAULT_FLAG_KILLABLE are both set in vmf->flags".

> +	 * in some scenario (and not return VM_FAULT_RETRY), we have to be

Thanks,
Andrea

