[PATCH 0/5] [Xenial] CVE-2019-10124 - hwpoison memory DoS
Andrea Righi
andrea.righi at canonical.com
Tue Apr 2 14:52:57 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10124.html

When memory_failure() is called on a thp tail page after pmd is split an
attacker can cause a denial of service (via hwpoison), triggering a
reference counter bug, reported by VM_BUG_ON_PAGE().

The reason is that memory_failure() is always using page refcount and
page lock from tail page to head page when calling split_huge_page(),
but it can pass any subpage to split_huge_page(), causing a potential
refcount / locking bug. Fix by locking and checking the proper subpage.

The fix requires backporting additional patches:

 PATCH 1/5: introduce hpage locking in memory_failure()
 PATCH 2/5: no functional changes, only code refactoring that helps to
            apply the next patches
 PATCH 3/5: properly handle non anonymous thp
 PATCH 4/5: a fix similar to the actual CVE
 PATCH 5/5: the actual CVE

Kirill A. Shutemov (1):
  thp, mm: split_huge_page(): caller need to lock page

Naoya Horiguchi (3):
  mm: soft-offline: clean up soft_offline_page()
  mm: soft-offline: exit with failure for non anonymous thp
  mm: hwpoison: fix thp split handling in memory_failure()

zhongjiang (1):
  mm: hwpoison: fix thp split handing in soft_offline_in_use_page()

 mm/memory-failure.c | 80 ++++++++++++++++++++++++++++++++++-------------------
 mm/migrate.c        |  8 ++++--
 2 files changed, 58 insertions(+), 30 deletions(-)