| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jul 2011 18:41:34 -0700 From: Greg KH <greg@...ah.com> To: Wengang Wang <wen.gang.wang@...cle.com> Cc: stable@...nel.org, greg.marsden@...cle.com, joe.jin@...cle.com, linux-kernel@...r.kernel.org Subject: Re: [stable] [PATCH] mm: prevent concurrent unmap_mapping_range() on the same inode --to stable On Fri, Jul 08, 2011 at 09:26:49AM +0800, Wengang Wang wrote: > Hi, greg k-h > > On 11-07-07 16:55, Greg KH wrote: > > On Fri, Jun 24, 2011 at 03:02:08PM +0800, Wengang Wang wrote: > > > mainline commit 2aa15890f3c191326678f1bd68af61ec6b8753ec > > > > > > mm: prevent concurrent unmap_mapping_range() on the same inode > > > > > > Michael Leun reported that running parallel opens on a fuse filesystem > > > can trigger a "kernel BUG at mm/truncate.c:475" > > > > > > Gurudas Pai reported the same bug on NFS. > > > > > > The reason is, unmap_mapping_range() is not prepared for more than > > > one concurrent invocation per inode. For example: > > > > > > thread1: going through a big range, stops in the middle of a vma and > > > stores the restart address in vm_truncate_count. > > > > > > thread2: comes in with a small (e.g. single page) unmap request on > > > the same vma, somewhere before restart_address, finds that the > > > vma was already unmapped up to the restart address and happily > > > returns without doing anything. > > > > > > Another scenario would be two big unmap requests, both having to > > > restart the unmapping and each one setting vm_truncate_count to its > > > own value. This could go on forever without any of them being able to > > > finish. > > > > > > Truncate and hole punching already serialize with i_mutex. Other > > > callers of unmap_mapping_range() do not, and it's difficult to get > > > i_mutex protection for all callers. In particular ->d_revalidate(), > > > which calls invalidate_inode_pages2_range() in fuse, may be called > > > with or without i_mutex. > > > > > > This patch adds a new mutex to 'struct address_space' to prevent > > > running multiple concurrent unmap_mapping_range() on the same mapping. > > > > > > [ We'll hopefully get rid of all this with the upcoming mm > > > preemptibility series by Peter Zijlstra, the "mm: Remove i_mmap_mutex > > > lockbreak" patch in particular. But that is for 2.6.39 ] > > > > > > > > > Adding this patch causes Kabi breakage. > > > > > > Signed-off-by: Miklos Szeredi <mszeredi@...e.cz> > > > Reported-by: Michael Leun <lkml20101129@...ton.leun.net> > > > Reported-by: Gurudas Pai <gurudas.pai@...cle.com> > > > Tested-by: Gurudas Pai <gurudas.pai@...cle.com> > > > Acked-by: Hugh Dickins <hughd@...gle.com> > > > Cc: stable@...nel.org > > > Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org> > > > Signed-off-by: Wengang Wang <wen.gang.wang@...cle.com> > > > > As this patch showed up in 2.6.39, I'm confused as to what you wanted me > > to do with it, so I've dropped it from my queue. > > I hope this committed in 2.6.32 stable tree please. Ah, ok, care to resend this, with that information in it somewhere, so I can do that? thanks, greg "I get a _lot_ of email" k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists