On 2024/12/16 14:35, Andrew Morton wrote:
> On Mon, 16 Dec 2024 14:15:35 +0800 Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx> wrote:
>> Hi Andrew,
>>
>> On 2024/12/16 14:10, Andrew Morton wrote:
>>> On Sun, 15 Dec 2024 14:29:38 +0800 Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx> wrote:
>>>> Acked-by: Yu Zhao <yuzhao@xxxxxxxxxx>
>>>>
>>>> Thanks! Once the review of this patch series is completed, we can simply
>>>> drop "mm: pgtable: make ptlock be freed by RCU" from mm tree.
>>>
>>> Can we drop it now and does the remainder of the series "synchronously
>>> scan and reclaim empty user PTE pages v4" remain valid and useful?
>>
>> The "mm: pgtable: make ptlock be freed by RCU" fixes the UAF issue [1]
>> reported by syzbot. If it is dropped now and this patch series is not
>> merged, the UAF issue will reappear.
>>
>> [1]. https://lore.kernel.org/lkml/67548279.050a0220.a30f1.015b.GAE@xxxxxxxxxx/
>
> OK, so as I understand it,
>
> - the series "synchronously scan and reclaim empty user PTE pages v4"
>   exposes a use-after-free bug, and fixes that bug with the patch "mm:
>   pgtable: make ptlock be freed by RCU".
>
> - The series "move pagetable_*_dtor() to __tlb_remove_table()" fixes
>   that bug in a more desirable way.
>
> - So when the series "move pagetable_*_dtor() to
>   __tlb_remove_table()" is merged into mm-unstable, I drop the patch
>   "mm: pgtable: make ptlock be freed by RCU".
>
> Correct?

Right!