lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 6 Nov 2012 14:38:15 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Michel Lespinasse <walken@...gle.com>
Cc:	Rik van Riel <riel@...hat.com>, Hugh Dickins <hughd@...gle.com>,
	linux-kernel@...r.kernel.org,
	Russell King <linux@....linux.org.uk>,
	Ralf Baechle <ralf@...ux-mips.org>,
	Paul Mundt <lethal@...ux-sh.org>,
	"David S. Miller" <davem@...emloft.net>,
	Chris Metcalf <cmetcalf@...era.com>, x86@...nel.org,
	William Irwin <wli@...omorphy.com>, linux-mm@...ck.org,
	linux-arm-kernel@...ts.infradead.org, linux-mips@...ux-mips.org,
	linux-sh@...r.kernel.org, sparclinux@...r.kernel.org
Subject: Re: [PATCH 03/16] mm: check rb_subtree_gap correctness

On Mon,  5 Nov 2012 14:47:00 -0800
Michel Lespinasse <walken@...gle.com> wrote:

> When CONFIG_DEBUG_VM_RB is enabled, check that rb_subtree_gap is
> correctly set for every vma and that mm->highest_vm_end is also correct.
> 
> Also add an explicit 'bug' variable to track if browse_rb() detected any
> invalid condition.
> 
> ...
>
> @@ -365,7 +365,7 @@ static void vma_rb_erase(struct vm_area_struct *vma, struct rb_root *root)
>  #ifdef CONFIG_DEBUG_VM_RB
>  static int browse_rb(struct rb_root *root)
>  {
> -	int i = 0, j;
> +	int i = 0, j, bug = 0;
>  	struct rb_node *nd, *pn = NULL;
>  	unsigned long prev = 0, pend = 0;
>  
> @@ -373,29 +373,33 @@ static int browse_rb(struct rb_root *root)
>  		struct vm_area_struct *vma;
>  		vma = rb_entry(nd, struct vm_area_struct, vm_rb);
>  		if (vma->vm_start < prev)
> -			printk("vm_start %lx prev %lx\n", vma->vm_start, prev), i = -1;
> +			printk("vm_start %lx prev %lx\n", vma->vm_start, prev), bug = 1;
>  		if (vma->vm_start < pend)
> -			printk("vm_start %lx pend %lx\n", vma->vm_start, pend);
> +			printk("vm_start %lx pend %lx\n", vma->vm_start, pend), bug = 1;
>  		if (vma->vm_start > vma->vm_end)
> -			printk("vm_end %lx < vm_start %lx\n", vma->vm_end, vma->vm_start);
> +			printk("vm_end %lx < vm_start %lx\n", vma->vm_end, vma->vm_start), bug = 1;
> +		if (vma->rb_subtree_gap != vma_compute_subtree_gap(vma))
> +			printk("free gap %lx, correct %lx\n",
> +			       vma->rb_subtree_gap,
> +			       vma_compute_subtree_gap(vma)), bug = 1;

OK, now who did that.  Whoever it was: stop it or you'll have your
kernel license revoked!

--- a/mm/mmap.c~mm-check-rb_subtree_gap-correctness-fix
+++ a/mm/mmap.c
@@ -372,16 +372,25 @@ static int browse_rb(struct rb_root *roo
 	for (nd = rb_first(root); nd; nd = rb_next(nd)) {
 		struct vm_area_struct *vma;
 		vma = rb_entry(nd, struct vm_area_struct, vm_rb);
-		if (vma->vm_start < prev)
-			printk("vm_start %lx prev %lx\n", vma->vm_start, prev), bug = 1;
-		if (vma->vm_start < pend)
-			printk("vm_start %lx pend %lx\n", vma->vm_start, pend), bug = 1;
-		if (vma->vm_start > vma->vm_end)
-			printk("vm_end %lx < vm_start %lx\n", vma->vm_end, vma->vm_start), bug = 1;
-		if (vma->rb_subtree_gap != vma_compute_subtree_gap(vma))
+		if (vma->vm_start < prev) {
+			printk("vm_start %lx prev %lx\n", vma->vm_start, prev);
+			bug = 1;
+		}
+		if (vma->vm_start < pend) {
+			printk("vm_start %lx pend %lx\n", vma->vm_start, pend);
+			bug = 1;
+		}
+		if (vma->vm_start > vma->vm_end) {
+			printk("vm_end %lx < vm_start %lx\n",
+				vma->vm_end, vma->vm_start);
+			bug = 1;
+		}
+		if (vma->rb_subtree_gap != vma_compute_subtree_gap(vma)) {
 			printk("free gap %lx, correct %lx\n",
 			       vma->rb_subtree_gap,
-			       vma_compute_subtree_gap(vma)), bug = 1;
+			       vma_compute_subtree_gap(vma));
+			bug = 1;
+		}
 		i++;
 		pn = nd;
 		prev = vma->vm_start;
@@ -390,8 +399,10 @@ static int browse_rb(struct rb_root *roo
 	j = 0;
 	for (nd = pn; nd; nd = rb_prev(nd))
 		j++;
-	if (i != j)
-		printk("backwards %d, forwards %d\n", j, i), bug = 1;
+	if (i != j) {
+		printk("backwards %d, forwards %d\n", j, i);
+		bug = 1;
+	}
 	return bug ? -1 : i;
 }
 
@@ -411,14 +422,20 @@ void validate_mm(struct mm_struct *mm)
 		vma = vma->vm_next;
 		i++;
 	}
-	if (i != mm->map_count)
-		printk("map_count %d vm_next %d\n", mm->map_count, i), bug = 1;
-	if (highest_address != mm->highest_vm_end)
+	if (i != mm->map_count) {
+		printk("map_count %d vm_next %d\n", mm->map_count, i);
+		bug = 1;
+	}
+	if (highest_address != mm->highest_vm_end) {
 		printk("mm->highest_vm_end %lx, found %lx\n",
-		       mm->highest_vm_end, highest_address), bug = 1;
+		       mm->highest_vm_end, highest_address);
+		bug = 1;
+	}
 	i = browse_rb(&mm->mm_rb);
-	if (i != mm->map_count)
-		printk("map_count %d rb %d\n", mm->map_count, i), bug = 1;
+	if (i != mm->map_count) {
+		printk("map_count %d rb %d\n", mm->map_count, i);
+		bug = 1;
+	}
 	BUG_ON(bug);
 }
 #else

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ