lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <497F8EE8.8070402@cybernetics.com>
Date:	Tue, 27 Jan 2009 17:47:04 -0500
From:	Tony Battersby <tonyb@...ernetics.com>
To:	linux-kernel@...r.kernel.org
Cc:	Jiri Olsa <olsajiri@...il.com>, Jiri Kosina <jkosina@...e.cz>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH 1/2] fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM

shm_get_stat() assumes that the inode is a "struct
shmem_inode_info", which is incorrect for !CONFIG_SHMEM (see
fs/ramfs/inode.c::ramfs_get_inode() vs. mm/shmem.c::shmem_get_inode()).
This bad assumption can cause shmctl(SHM_INFO) to lockup when
shm_get_stat() tries to spin_lock(&info->lock).  Users of !CONFIG_SHMEM
may encounter this lockup simply by invoking the 'ipcs' command.

Signed-off-by: Tony Battersby <tonyb@...ernetics.com>
CC: <stable@...nel.org>
---

This bug was reported by Jiri Olsa back in February 2008; CC'ing the
people involved in the original discussion.
http://lkml.org/lkml/2008/2/29/74

--- linux-2.6.29-rc2-git3/ipc/shm.c.orig	2009-01-27 16:23:10.000000000 -0500
+++ linux-2.6.29-rc2-git3/ipc/shm.c	2009-01-27 16:23:32.000000000 -0500
@@ -565,11 +565,15 @@ static void shm_get_stat(struct ipc_name
 			struct hstate *h = hstate_file(shp->shm_file);
 			*rss += pages_per_huge_page(h) * mapping->nrpages;
 		} else {
+#ifdef CONFIG_SHMEM
 			struct shmem_inode_info *info = SHMEM_I(inode);
 			spin_lock(&info->lock);
 			*rss += inode->i_mapping->nrpages;
 			*swp += info->swapped;
 			spin_unlock(&info->lock);
+#else
+			*rss += inode->i_mapping->nrpages;
+#endif
 		}
 
 		total++;



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ