| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jul 2011 16:55:47 -0700 From: Greg KH <greg@...ah.com> To: Wengang Wang <wen.gang.wang@...cle.com> Cc: stable@...nel.org, greg.marsden@...cle.com, joe.jin@...cle.com, linux-kernel@...r.kernel.org Subject: Re: [stable] [PATCH] mm: prevent concurrent unmap_mapping_range() on the same inode --to stable On Fri, Jun 24, 2011 at 03:02:08PM +0800, Wengang Wang wrote: > mainline commit 2aa15890f3c191326678f1bd68af61ec6b8753ec > > mm: prevent concurrent unmap_mapping_range() on the same inode > > Michael Leun reported that running parallel opens on a fuse filesystem > can trigger a "kernel BUG at mm/truncate.c:475" > > Gurudas Pai reported the same bug on NFS. > > The reason is, unmap_mapping_range() is not prepared for more than > one concurrent invocation per inode. For example: > > thread1: going through a big range, stops in the middle of a vma and > stores the restart address in vm_truncate_count. > > thread2: comes in with a small (e.g. single page) unmap request on > the same vma, somewhere before restart_address, finds that the > vma was already unmapped up to the restart address and happily > returns without doing anything. > > Another scenario would be two big unmap requests, both having to > restart the unmapping and each one setting vm_truncate_count to its > own value. This could go on forever without any of them being able to > finish. > > Truncate and hole punching already serialize with i_mutex. Other > callers of unmap_mapping_range() do not, and it's difficult to get > i_mutex protection for all callers. In particular ->d_revalidate(), > which calls invalidate_inode_pages2_range() in fuse, may be called > with or without i_mutex. > > This patch adds a new mutex to 'struct address_space' to prevent > running multiple concurrent unmap_mapping_range() on the same mapping. > > [ We'll hopefully get rid of all this with the upcoming mm > preemptibility series by Peter Zijlstra, the "mm: Remove i_mmap_mutex > lockbreak" patch in particular. But that is for 2.6.39 ] > > > Adding this patch causes Kabi breakage. > > Signed-off-by: Miklos Szeredi <mszeredi@...e.cz> > Reported-by: Michael Leun <lkml20101129@...ton.leun.net> > Reported-by: Gurudas Pai <gurudas.pai@...cle.com> > Tested-by: Gurudas Pai <gurudas.pai@...cle.com> > Acked-by: Hugh Dickins <hughd@...gle.com> > Cc: stable@...nel.org > Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org> > Signed-off-by: Wengang Wang <wen.gang.wang@...cle.com> As this patch showed up in 2.6.39, I'm confused as to what you wanted me to do with it, so I've dropped it from my queue. greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists