| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LSU.2.00.1204201229020.1614@eggly.anvils> Date: Fri, 20 Apr 2012 12:32:45 -0700 (PDT) From: Hugh Dickins <hughd@...gle.com> To: Linus Torvalds <torvalds@...ux-foundation.org> cc: Al Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, James Morris <jmorris@...ei.org>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, David Safford <safford@...ux.vnet.ibm.com>, Dmitry Kasatkin <dmitry.kasatkin@...el.com>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, David Miller <davem@...emloft.net>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [RFC] situation with fput() locking (was Re: [PULL REQUEST] : ima-appraisal patches) On Fri, 20 Apr 2012, Linus Torvalds wrote: > On Fri, Apr 20, 2012 at 12:04 PM, Al Viro <viro@...iv.linux.org.uk> wrote: > > > > Deferring the final pass after dropping ->mmap_sem is going to be > > interesting; what would protect ->vm_next on those suckers? > > Just remove them from the active list, and keep them linked to each > other using vm_next. > > After all, the only case we care about is the case where the vma gets > removed entirely, so we just put them on their own list. > > In fact, that's what we already do for other reasons. See > detach_vmas_to_be_unmapped(). > > So vm_next is actually entirely *private* by this time, and needs no > locking at all. > > As far as I can tell, we could just make do_munmap() return that > private list, and then do the fput's and freeing of the list outside > the mmap_sem lock. > > That actually looks pretty simple. There are a fair number of callers, > which looks to be the main annoyance. But fixing it up with some > pattern of "do finish_munmap after drooping the mmap_sem" doesn't look > *complicated*, just slightly annoying. > > The *bigger* annoyance is actually "do_mmap()", which does a > do_munmap() as part of it, so it needs the same cleanup too. > > There might be other cases that do munmap as part of their operation > (and that have the mmap_sem held outside of the caller), but > do_munmap() and do_mmap() seem to be the two obvious ones. > > Many of the callers seem to do the mmap_sem() right around the call, > though (see binfmt_elf.c for example), so it really would be a rather > local fixup. Yes, that's exactly how I was thinking of it. Hugh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists