Re: KASAN: use-after-free Read in __do_page_fault

From: Vlastimil Babka
Date: Wed Nov 01 2017 - 08:14:53 EST

Next message: Kirill Smelkov: "Re: linux-next: Signed-off-by missing for commit in the net-next tree"
Previous message: Jiri Olsa: "Re: [PATCH 2/2] perf tools: Show correct function name for srcline of callchains"
In reply to: Andrea Arcangeli: "Re: KASAN: use-after-free Read in __do_page_fault"
Next in thread: Linus Torvalds: "Re: KASAN: use-after-free Read in __do_page_fault"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/01/2017 11:17 AM, Andrea Arcangeli wrote:
> On Wed, Nov 01, 2017 at 08:42:57AM +0100, Vlastimil Babka wrote:
>> The vma should be pinned by mmap_sem, but handle_userfault() will in some
>> scenarios release it and then acquire again, so when we return to
>
> In the above message and especially in the below comment, I would
> suggest to take the opportunity to more accurately document the
> specific scenario instead of "some scenario" which is only "A return
> to userland to repeat the page fault later with a VM_FAULT_NOPAGE
> retval (potentially after handling any pending signal during the
> return to userland). The return to userland is identified whenever
> FAULT_FLAG_USER|FAULT_FLAG_KILLABLE are both set in vmf->flags".

OK, updated patch below
----8<----

Next message: Kirill Smelkov: "Re: linux-next: Signed-off-by missing for commit in the net-next tree"
Previous message: Jiri Olsa: "Re: [PATCH 2/2] perf tools: Show correct function name for srcline of callchains"
In reply to: Andrea Arcangeli: "Re: KASAN: use-after-free Read in __do_page_fault"
Next in thread: Linus Torvalds: "Re: KASAN: use-after-free Read in __do_page_fault"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]