| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 May 2018 15:33:34 +0300
From: Andrey Ryabinin <aryabinin@...tuozzo.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Paul Menzel <pmenzel+linux-kasan-dev@...gen.mpg.de>,
Alexander Potapenko <glider@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>, kasan-dev@...glegroups.com,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
stable@...r.kernel.org, Matthew Wilcox <willy@...radead.org>
Subject: Re: [PATCH] mm/kasan: Don't vfree() nonexistent vm_area.
On 05/23/2018 12:03 AM, Andrew Morton wrote:
> On Tue, 22 May 2018 19:44:06 +0300 Andrey Ryabinin <aryabinin@...tuozzo.com> wrote:
>
>>> Obviously we can't call vfree() to free memory that wasn't allocated via
>>> vmalloc(). Use find_vm_area() to see if we can call vfree().
>>>
>>> Unfortunately it's a bit tricky to properly unmap and free shadow allocated
>>> during boot, so we'll have to keep it. If memory will come online again
>>> that shadow will be reused.
>>>
>>> Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug")
>>> Reported-by: Paul Menzel <pmenzel+linux-kasan-dev@...gen.mpg.de>
>>> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
>>> Cc: <stable@...r.kernel.org>
>>> ---
>>
>> This seems stuck in -mm. Andrew, can we proceed?
>
> OK.
>
> Should there be a code comment explaining the situation that Matthew
> asked about? It's rather obscure.
>
Ok. Here is my attempt to improve the situation. If something is still not clear,
I'm open to suggestions.
From: Andrey Ryabinin <aryabinin@...tuozzo.com>
Subject: [PATCH] mm-kasan-dont-vfree-nonexistent-vm_area-fix
Improve comments.
Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
---
mm/kasan/kasan.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 135ce2838c89..ea44dd0bc4e7 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -812,7 +812,7 @@ static bool shadow_mapped(unsigned long addr)
/*
* We can't use pud_large() or pud_huge(), the first one
* is arch-specific, the last one depend on HUGETLB_PAGE.
- * So let's abuse pud_bad(), if bud is bad it's has to
+ * So let's abuse pud_bad(), if pud is bad than it's bad
* because it's huge.
*/
if (pud_bad(*pud))
@@ -871,9 +871,16 @@ static int __meminit kasan_mem_notifier(struct notifier_block *nb,
struct vm_struct *vm;
/*
- * Only hot-added memory have vm_area. Freeing shadow
- * mapped during boot would be tricky, so we'll just
- * have to keep it.
+ * shadow_start was either mapped during boot by kasan_init()
+ * or during memory online by __vmalloc_node_range().
+ * In the latter case we can use vfree() to free shadow.
+ * Non-NULL result of the find_vm_area() will tell us if
+ * that was the second case.
+ *
+ * Currently it's not possible to free shadow mapped
+ * during boot by kasan_init(). It's because the code
+ * to do that hasn't been written yet. So we'll just
+ * leak the memory.
*/
vm = find_vm_area((void *)shadow_start);
if (vm)
--
2.16.1
Powered by blists - more mailing lists