Date:	Fri, 30 Oct 2009 14:22:01 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	David Howells <dhowells@...hat.com>
Cc:	torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org,
	Robin Getz <rgetz@...ckfin.uclinux.org>, stable@...nel.org
Subject: Re: [PATCH] NOMMU: Don't pass NULL pointers to fput() in do_mmap_pgoff()

On Fri, 30 Oct 2009 13:13:26 +0000
David Howells <dhowells@...hat.com> wrote:

> Don't pass NULL pointers to fput() in the error handling paths of the NOMMU
> do_mmap_pgoff() as it can't handle it.
> 
> The following can be used as a test program:
> 
> 	int main(void) { static long long a[1024 * 1024 * 20] = { 0 }; return (int)(long)a; }
> 
> Without the patch, the code oopses in atomic_long_dec_and_test() as called by
> fput() after the kernel complains that it can't allocate that big a chunk of
> memory.  With the patch, the kernel just complains about the allocation size
> and then the program segfaults during execve() as execve() can't complete the
> allocation of all the new ELF program segments.
> 
> Reported-by: Robin Getz <rgetz@...ckfin.uclinux.org>
> Signed-off-by: David Howells <dhowells@...hat.com>
> Acked-by: Robin Getz <rgetz@...ckfin.uclinux.org>
> ---
> 
>  mm/nommu.c |    6 ++++--
>  1 files changed, 4 insertions(+), 2 deletions(-)
> 
> 
> diff --git a/mm/nommu.c b/mm/nommu.c
> index cfea46c..969392c 100644
> --- a/mm/nommu.c
> +++ b/mm/nommu.c
> @@ -1364,9 +1364,11 @@ share:
>  error_just_free:
>  	up_write(&nommu_region_sem);
>  error:
> -	fput(region->vm_file);
> +	if (region->vm_file)
> +		fput(region->vm_file);
>  	kmem_cache_free(vm_region_jar, region);
> -	fput(vma->vm_file);
> +	if (vma->vm_file)
> +		fput(vma->vm_file);
>  	if (vma->vm_flags & VM_EXECUTABLE)
>  		removed_exe_file_vma(vma->vm_mm);
>  	kmem_cache_free(vm_area_cachep, vma);
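Review bot: the two new guards are the right fix, since fput() expects a non-NULL struct file, but nothing in the hunk records why region->vm_file and vma->vm_file can still be NULL when the `error:` label is reached; a one-line comment above `error:` noting that the label is taken before a file has been attached to the region and vma (the situation the changelog's test program provokes) would stop a later cleanup from removing the checks as redundant. A `Cc: stable@...nel.org` line in the tags would also settle the backport question, since the unguarded calls oops on any NOMMU kernel that has this error path.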

Seems like a pretty obvious -stable candidate, but no stable tag in the
changelog?

Assuming this is needed in -stable, do we know how far back in time the
bug exists?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
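The error-path pattern the patch fixes, as an added userspace model (not the kernel's code and not part of this thread): a release routine that, like fput(), drops a reference through its argument without checking for NULL, an error path reached before any file was attached, and the guarded form from the patch beside the unguarded one. All names (model_file, model_fput, cleanup_before_fix, cleanup_after_fix and the two scenario helpers) are hypothetical; the model records the would-be NULL dereference instead of crashing so both variants can be compared.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins for the kernel structures, not kernel code. */
struct model_file   { long count; };               /* plays struct file's refcount */
struct model_region { struct model_file *vm_file; };
struct model_vma    { struct model_file *vm_file; };

/* Number of NULL dereferences the release routine would have made; in the
 * kernel each one is the atomic_long_dec_and_test() oops the changelog describes. */
static int model_null_derefs;

/* Stand-in for fput(): drops one reference and frees at zero.  Like fput() it
 * is not meant to take NULL; the model counts the would-be oops instead. */
static void model_fput(struct model_file *f)
{
    if (f == NULL) {            /* the real fput() has no such check */
        model_null_derefs++;
        return;
    }
    if (--f->count == 0)
        free(f);
}

/* Error path as it stood before the patch: both fput() calls unconditional.
 * Returns how many NULL dereferences this path would have caused. */
static int cleanup_before_fix(struct model_region *region, struct model_vma *vma)
{
    int before = model_null_derefs;
    model_fput(region->vm_file);
    model_fput(vma->vm_file);
    return model_null_derefs - before;
}

/* Error path after the patch: each fput() guarded by a NULL check. */
static int cleanup_after_fix(struct model_region *region, struct model_vma *vma)
{
    int before = model_null_derefs;
    if (region->vm_file)
        model_fput(region->vm_file);
    if (vma->vm_file)
        model_fput(vma->vm_file);
    return model_null_derefs - before;
}

/* Scenario from the changelog: the mapping fails before a file was attached,
 * so both vm_file pointers are still NULL when the error label is reached. */
static int scenario_no_file(int fixed)
{
    struct model_region region = { NULL };
    struct model_vma vma = { NULL };
    return fixed ? cleanup_after_fix(&region, &vma)
                 : cleanup_before_fix(&region, &vma);
}

/* Scenario with a real file: both variants must drop exactly the two
 * references held by the region and the vma.  Returns the count left over,
 * or -1 if the constructed file could not be allocated. */
static long scenario_with_file(int fixed)
{
    struct model_file *f = malloc(sizeof *f);
    if (f == NULL)
        return -1;
    f->count = 3;                       /* caller + region + vma */
    struct model_region region = { f };
    struct model_vma vma = { f };
    if (fixed)
        cleanup_after_fix(&region, &vma);
    else
        cleanup_before_fix(&region, &vma);
    long left = f->count;               /* the caller's reference keeps f alive */
    free(f);
    return left;
}
```

Run with both scenarios: the unguarded path reports two would-be oopses when no file was attached and the guarded path reports none, while with a real file both drop exactly two references, which is why the guard does not change behaviour on the success-side bookkeeping.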
