Message-ID: <20111220192850.GB3870@cmpxchg.org>
Date:	Tue, 20 Dec 2011 20:28:50 +0100
From:	Johannes Weiner <hannes@...xchg.org>
To:	kosaki.motohiro@...il.com
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	Minchan Kim <minchan.kim@...il.com>,
	Caspar Zhang <caspar@...parzhang.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Stephen Wilson <wilsons@...rt.ca>,
	Andrea Arcangeli <aarcange@...hat.com>
Subject: Re: [PATCH] [v2] mempolicy: refix mbind_range() vma issue

On Tue, Dec 20, 2011 at 01:17:10PM -0500, kosaki.motohiro@...il.com wrote:
> From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
> 
> commit 8aacc9f550 (mm/mempolicy.c: fix pgoff in mbind vma merge) is
> a slightly incorrect fix.
> 
> Why? Think of the following case.
> 
> 1. map 4 pages of a file at offset 0
> 
>    [0123]
> 
> 2. map 2 pages just after the first mapping of the same file but with
>    page offset 2
> 
>    [0123][23]
> 
> 3. mbind() 2 pages from the first mapping at offset 2.
>    mbind_range() should treat the new vma as,
> 
>    [0123][23]
>      |23|
>      mbind vma
> 
>    but it does
> 
>    [0123][23]
>      |01|
>      mbind vma
> 
>    Oops. Then it makes a wrong vma merge and splitting ([01][0123] or similar).
> 
> This patch fixes it.
> 
> [testcase]
>   test result - before the patch
> 
> 	case4: 126: test failed. expect '2,4', actual '2,2,2'
> 	case5: passed
> 	case6: passed
> 	case7: passed
> 	case8: passed
> 	case_n: 246: test failed. expect '4,2', actual '1,4'
> 
> 	------------[ cut here ]------------
> 	kernel BUG at mm/filemap.c:135!
> 	invalid opcode: 0000 [#4] SMP DEBUG_PAGEALLOC
> 
> 	(snip long bug on messages)
> 
>   test result - after the patch
> 
> 	case4: passed
> 	case5: passed
> 	case6: passed
> 	case7: passed
> 	case8: passed
> 	case_n: passed

> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
> Cc: Johannes Weiner <hannes@...xchg.org>
> Cc: Minchan Kim <minchan.kim@...il.com>
> CC: Caspar Zhang <caspar@...parzhang.com>

Looks good to me now, thanks.

Acked-by: Johannes Weiner <hannes@...xchg.org>

Since this can corrupt virtual mappings and was released with 3.2, I
think we also want this:

Cc: stable@...nel.org [3.2.x]
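
The three-step case in the quoted commit message, worked through as an added example that is not part of the original message or of the kernel source. It is a simplified userspace model in page units; the struct, the function names and the assumption that flags, file and policy already match the neighbouring vma are all hypothetical.

```c
#include <stdio.h>

/* Simplified model of a vma, counted in pages (assumption of this example). */
struct vma_model {
    unsigned long start;  /* first virtual page */
    unsigned long end;    /* one past the last virtual page */
    unsigned long pgoff;  /* file page mapped at 'start' */
};

/* Constructed layout from the message: [0123][23], mbind() on pages 2..3. */
static const struct vma_model FIRST  = { 0, 4, 0 };
static const struct vma_model SECOND = { 4, 6, 2 };
enum { MBIND_START = 2, MBIND_END = 4 };

/* Offset the message says the range should get (|23|): the vma's file
 * offset plus the distance of the range start into the vma. */
unsigned long range_pgoff_fixed(const struct vma_model *v, unsigned long start)
{
    unsigned long s = start > v->start ? start : v->start; /* clamp to vma */
    return v->pgoff + (s - v->start);
}

/* Offset the message says was used instead (|01|): the vma's own offset. */
unsigned long range_pgoff_buggy(const struct vma_model *v, unsigned long start)
{
    (void)start;
    return v->pgoff;
}

/* The range looks mergeable with the next vma when both the addresses and
 * the file offsets are contiguous. Flags, file and policy are assumed equal. */
int looks_mergeable_with_next(unsigned long start, unsigned long end,
                              unsigned long pgoff, const struct vma_model *next)
{
    return next->start == end && next->pgoff == pgoff + (end - start);
}

int main(void)
{
    unsigned long good = range_pgoff_fixed(&FIRST, MBIND_START);
    unsigned long bad  = range_pgoff_buggy(&FIRST, MBIND_START);

    printf("fixed: pgoff=%lu mergeable_with_next=%d\n", good,
           looks_mergeable_with_next(MBIND_START, MBIND_END, good, &SECOND));
    printf("buggy: pgoff=%lu mergeable_with_next=%d\n", bad,
           looks_mergeable_with_next(MBIND_START, MBIND_END, bad, &SECOND));
    return 0;
}
```

With the wrong offset the range appears to end at file page 2, exactly where the second mapping begins, so the two look contiguous even though they map overlapping file pages.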