lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20140304215735.GA11171@cmpxchg.org>
Date:	Tue, 4 Mar 2014 16:57:35 -0500
From:	Johannes Weiner <hannes@...xchg.org>
To:	akpm@...ux-foundation.org
Cc:	mm-commits@...r.kernel.org, walken@...gle.com, vbabka@...e.cz,
	tj@...nel.org, semenzato@...gle.com, rmallon@...il.com,
	riel@...hat.com, peterz@...radead.org, ozgun@...usdata.com,
	minchan@...nel.org, mgorman@...e.de, metin@...usdata.com,
	kosaki.motohiro@...fujitsu.com, klamm@...dex-team.ru, jack@...e.cz,
	hughd@...gle.com, hch@...radead.org, gthelen@...gle.com,
	david@...morbit.com, bob.liu@...cle.com, aarcange@...hat.com,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: +
 mm-fs-prepare-for-non-page-entries-in-page-cache-radix-trees.patch added to
 -mm tree

On Tue, Feb 04, 2014 at 03:14:49PM -0800, akpm@...ux-foundation.org wrote:
> @@ -307,14 +331,15 @@ void truncate_inode_pages_range(struct a
>  	index = start;
>  	for ( ; ; ) {
>  		cond_resched();
> -		if (!pagevec_lookup(&pvec, mapping, index,
> -			min(end - index, (pgoff_t)PAGEVEC_SIZE))) {
> +		if (!__pagevec_lookup(&pvec, mapping, index,
> +			min(end - index, (pgoff_t)PAGEVEC_SIZE),
> +			indices)) {
>  			if (index == start)
>  				break;
>  			index = start;
>  			continue;
>  		}
> -		if (index == start && pvec.pages[0]->index >= end) {
> +		if (index == start && indices[0] >= end) {
>  			pagevec_release(&pvec);
>  			break;
>  		}

There is a missing pagevec_remove_exceptionals(), which can crash the
kernel when pagevec_release() passes the non-page pointers to the page
allocator.

Andrew, could you please include this incremental fix?

---
From: Johannes Weiner <hannes@...xchg.org>
Subject: [patch] mm + fs: prepare for non-page entries in page cache radix
 trees fix

__pagevec_lookup() stores exceptional entries in the pagevec.  They
must be pruned before passing the pagevec along to pagevec_release()
or the kernel crashes when these non-page pointers reach the page
allocator.

Add a missing pagevec_remove_exceptionals() in the truncate path.

Signed-off-by: Johannes Weiner <hannes@...xchg.org>
---
 mm/truncate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mm/truncate.c b/mm/truncate.c
index b0f4d4bee8ab..5fafca2ed3d2 100644
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -340,6 +340,7 @@ void truncate_inode_pages_range(struct address_space *mapping,
 			continue;
 		}
 		if (index == start && indices[0] >= end) {
+			pagevec_remove_exceptionals(&pvec);
 			pagevec_release(&pvec);
 			break;
 		}
-- 
1.9.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ