Re: [PATCH] mm/madvise: handle madvise_lock() failure during race unwinding

From: Jann Horn
Date: Mon Jun 02 2025 - 15:21:05 EST

Next message: Khalid Ali: "Re: [PATCH] kernel/cpu/bugs: log ltf1 mitigation status"
Previous message: Matthew Wilcox: "Re: [GIT PULL] Additional MM updates for 6.16-rc1"
In reply to: SeongJae Park: "[PATCH] mm/madvise: handle madvise_lock() failure during race unwinding"
Next in thread: Lorenzo Stoakes: "Re: [PATCH] mm/madvise: handle madvise_lock() failure during race unwinding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

@akpm FYI, this looks like it fixes a security bug in 6.15 (probably
leads to UAF of VMA structs and page tables by racing madvise(...,
MADV_GUARD_INSTALL) with concurrent faults)

On Mon, Jun 2, 2025 at 7:49 PM SeongJae Park <sj@xxxxxxxxxx> wrote:
> When unwinding race on -ERESTARTNOINTR handling of process_madvise(),
> madvise_lock() failure is ignored. Check the failure and abort
> remaining works in the case.
>
> Fixes: 4000e3d0a367 ("mm/madvise: remove redundant mmap_lock operations from process_madvise()")
> Cc: stable@xxxxxxxxxx
> Reported-by: Barry Song <21cnbao@xxxxxxxxx>
> Closes: https://lore.kernel.org/CAGsJ_4xJXXO0G+4BizhohSZ4yDteziPw43_uF8nPXPWxUVChzw@xxxxxxxxxxxxxx
> Signed-off-by: SeongJae Park <sj@xxxxxxxxxx>

Reviewed-by: Jann Horn <jannh@xxxxxxxxxx>

Next message: Khalid Ali: "Re: [PATCH] kernel/cpu/bugs: log ltf1 mitigation status"
Previous message: Matthew Wilcox: "Re: [GIT PULL] Additional MM updates for 6.16-rc1"
In reply to: SeongJae Park: "[PATCH] mm/madvise: handle madvise_lock() failure during race unwinding"
Next in thread: Lorenzo Stoakes: "Re: [PATCH] mm/madvise: handle madvise_lock() failure during race unwinding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]