lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <d9b1665a88f594981fec92807792bcff@zipernowsky.hu>
Date:	Sat, 02 Aug 2008 15:43:40 +0200
From:	Oliver Pinter <oliver@...ernowsky.hu>
To:	Russell King <rmk@...-67.arm.linux.org.uk>, stable@...nel.org
Cc:	Oliver Pinter <oliver.pntr@...il.com>, linux-kernel@...r.kernel.org
Subject: [RFC, 2.6.26.2-rc1] Fix shared mmap when more than two maps of the same
 file exist

>From 53cdb27a933e4032934cbda0b447cfc9943c0eac Mon Sep 17 00:00:00 2001
From: Russell King <rmk@...-67.arm.linux.org.uk>
Date: Sun, 27 Jul 2008 10:35:54 +0100
Subject: [PATCH] [ARM] Fix shared mmap when more than two maps of the same
file exist

[ Upstream commit 53cdb27a933e4032934cbda0b447cfc9943c0eac ]

The shared mmap code works fine for the test case, which only checked
for two shared maps of the same file.  However, three shared maps
result in one mapping remaining cached, resulting in stale data being
visible via that mapping.  Fix this.

Signed-off-by: Russell King <rmk+kernel@....linux.org.uk>
CC: Oliver Pinter <oliver.pntr@...il.com>

diff --git a/arch/arm/mm/fault-armv.c b/arch/arm/mm/fault-armv.c
index fbfa260..a8ec97b 100644
--- a/arch/arm/mm/fault-armv.c
+++ b/arch/arm/mm/fault-armv.c
@@ -37,7 +37,7 @@ static int adjust_pte(struct vm_area_struct *vma,
unsigned long address)
 	pgd_t *pgd;
 	pmd_t *pmd;
 	pte_t *pte, entry;
-	int ret = 0;
+	int ret;
 
 	pgd = pgd_offset(vma->vm_mm, address);
 	if (pgd_none(*pgd))
@@ -55,15 +55,19 @@ static int adjust_pte(struct vm_area_struct *vma,
unsigned long address)
 	entry = *pte;
 
 	/*
+	 * If this page is present, it's actually being shared.
+	 */
+	ret = pte_present(entry);
+
+	/*
 	 * If this page isn't present, or is already setup to
 	 * fault (ie, is old), we can safely ignore any issues.
 	 */
-	if (pte_present(entry) && pte_val(entry) & shared_pte_mask) {
+	if (ret && pte_val(entry) & shared_pte_mask) {
 		flush_cache_page(vma, address, pte_pfn(entry));
 		pte_val(entry) &= ~shared_pte_mask;
 		set_pte_at(vma->vm_mm, address, pte, entry);
 		flush_tlb_page(vma, address);
-		ret = 1;
 	}
 	pte_unmap(pte);
 	return ret;


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ