lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 22 Jul 2010 09:16:44 -0400
From:	Rik van Riel <riel@...hat.com>
To:	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>
CC:	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	kosaki.motohiro@...fujitsu.com,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Andrea Arcangeli <aarcange@...hat.com>
Subject: Re: [BUGFIX][PATCH] Fix false positive BUG_ON in __page_set_anon_rmap

On 07/22/2010 03:41 AM, KAMEZAWA Hiroyuki wrote:
> Rik, how do you think ?
>
> ==
> From: KAMEZAWA Hiroyuki<kamezawa.hiroyu@...fujitsu.com>
>
> Problem: wrong BUG_ON() in  __page_set_anon_rmap().
> Kernel version: mmotm-0719

> Description:
>    Even if SwapCache is fully unmapped and mapcount goes down to 0,
>    page->mapping is not cleared and will remain on memory until kswapd or some
>    finds it. If a thread cause a page fault onto such "unmapped-but-not-discarded"
>    swapcache, it will see a swap cache whose mapcount is 0 but page->mapping has a
>    valid value.
>
>    When it's reused at do_swap_page(), __page_set_anon_rmap() is called with
>    "exclusive==1" and hits BUG_ON(). But this BUG_ON() is wrong. Nothing bad
>    with rmapping a page which has page->mapping isn't 0.

Yes, you are absolutely right.

Acked-by: Rik van Riel <riel@...hat.com>

> Index: mmotm-2.6.35-0719/mm/rmap.c
> ===================================================================
> --- mmotm-2.6.35-0719.orig/mm/rmap.c
> +++ mmotm-2.6.35-0719/mm/rmap.c
> @@ -783,8 +783,16 @@ static void __page_set_anon_rmap(struct
>   		if (PageAnon(page))
>   			return;
>   		anon_vma = anon_vma->root;
> -	} else
> -		BUG_ON(PageAnon(page));
> +	} else {
> +		/*
> + 		 * In this case, swapped-out-but-not-discarded swap-cache
> + 		 * is remapped. So, no need to update page->mapping here.
> + 		 * We convice anon_vma poitned by page->mapping is not obsolete
> + 		 * because vma->anon_vma is necessary to be a family of it.
> + 		 */
> +		if (PageAnon(page))
> +			return;
> +	}
>
>   	anon_vma = (void *) anon_vma + PAGE_MAPPING_ANON;
>   	page->mapping = (struct address_space *) anon_vma;
>


-- 
All rights reversed
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ