Message-ID: <20100722173920.GI24928@random.random>
Date:	Thu, 22 Jul 2010 19:39:20 +0200
From:	Andrea Arcangeli <aarcange@...hat.com>
To:	Rik van Riel <riel@...hat.com>
Cc:	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	kosaki.motohiro@...fujitsu.com,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [BUGFIX][PATCH] Fix false positive BUG_ON in __page_set_anon_rmap

On Thu, Jul 22, 2010 at 09:16:44AM -0400, Rik van Riel wrote:
> On 07/22/2010 03:41 AM, KAMEZAWA Hiroyuki wrote:
> > Rik, what do you think?
> >
> > ==
> > From: KAMEZAWA Hiroyuki<kamezawa.hiroyu@...fujitsu.com>
> >
> > Problem: wrong BUG_ON() in  __page_set_anon_rmap().
> > Kernel version: mmotm-0719
> 
> > Description:
> >    Even if SwapCache is fully unmapped and mapcount goes down to 0,
> >    page->mapping is not cleared and will remain in memory until kswapd or some
> >    finds it. If a thread causes a page fault onto such "unmapped-but-not-discarded"
> >    swapcache, it will see a swap cache whose mapcount is 0 but page->mapping has a
> >    valid value.
> >
> >    When it's reused at do_swap_page(), __page_set_anon_rmap() is called with
> >    "exclusive==1" and hits BUG_ON(). But this BUG_ON() is wrong. There is nothing bad
> >    about rmapping a page whose page->mapping isn't 0.
> 
> Yes, you are absolutely right.
> 

I already noticed the problem when I merged your patch in aa.git
(before it would only be exclusive=0 in do_swap_page so it wasn't a
false positive), and I fixed it this way:

http://git.kernel.org/?p=linux/kernel/git/andrea/aa.git;a=commitdiff;h=2fe4f42f0f17498984b3f86b2339d583004b45de;hp=ffd146080305632406d97c7f6f984a648854d755

So I retained the BUG_ON for the real page_add_anon_rmap. Maybe not
worth it but you can have a look at my solution if you're interested
to retain it too.