lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 1 Dec 2010 13:38:31 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Hugh Dickins <hughd@...gle.com>
Cc:	Trond Myklebust <Trond.Myklebust@...app.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Nick Piggin <npiggin@...nel.dk>,
	Nick Bowler <nbowler@...iptictech.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-nfs@...r.kernel.org, Rik van Riel <riel@...hat.com>,
	Christoph Hellwig <hch@....de>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH v2 3/3] NFS: Fix a memory leak in nfs_readdir

On Wed, 1 Dec 2010 13:15:07 -0800 (PST)
Hugh Dickins <hughd@...gle.com> wrote:

> On Wed, 1 Dec 2010, Hugh Dickins wrote:
> > On Wed, 1 Dec 2010, Andrew Morton wrote:
> > > On Wed, 01 Dec 2010 15:10:50 -0500
> > > Trond Myklebust <Trond.Myklebust@...app.com> wrote:
> > > 
> > > > --- a/include/linux/fs.h
> > > > +++ b/include/linux/fs.h
> > > > @@ -602,6 +602,7 @@ struct address_space_operations {
> > > >  	sector_t (*bmap)(struct address_space *, sector_t);
> > > >  	void (*invalidatepage) (struct page *, unsigned long);
> > > >  	int (*releasepage) (struct page *, gfp_t);
> > > > +	void (*freepage)(struct page *);
> > > >  	ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov,
> > > >  			loff_t offset, unsigned long nr_segs);
> > > >  	int (*get_xip_mem)(struct address_space *, pgoff_t, int,
> > > 
> > > It would be good to think about and then clearly spell out exactly what
> > > state the page is in here.  It is locked, and I assume clean and not
> > > under writeback.  What about its refcount, freezedness status and
> > > eligibility for lookups?
> > > 
> > > And as Hugh pointed out, some callees might needs the address_space*
> > > although we can perhaps defer that until such a callee turns up. 
> > > If/when that happens we might have a problem though: if this locked
> > > page is no longer attached to the address_space then what now pins the
> > > address_space, protecting it from inode reclaim?
> > 
> > That's an excellent point and trumps mine: it would be actively wrong
> > to provide the struct address_space *mapping arg I was asking for.
> > (Bet someone then tries stashing it away via page->private though.)
> 
> Hmm, thinking further along the same lines: can we even guarantee that
> the filesystem module is still loaded at that point?  i.e. might
> mapping->freepage now be pointing off into the garbage heap?

I don't see anything on the VFS side which would prevent a module
unload.  Or, more realistically, a concurrent unmount, freeing of the
superblock and everything associated with it.  All we have here is a
page*.

Probably on most call paths we'll be OK - if a process is in the middle
of a file truncate, holdin a file* ref which holds an inode ref then
nobody will be unmounting that fs and hence nobody will be unloading
that module.

However on the random_code->alloc_page->vmscan->releasepage path, none
of that applies.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists