| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Nov 2014 14:35:43 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: Daniel Forrest <dan.forrest@...c.wisc.edu> Cc: Konstantin Khlebnikov <koct9i@...il.com>, linux-mm <linux-mm@...ck.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Andrea Arcangeli <aarcange@...hat.com>, Rik van Riel <riel@...hat.com>, Tim Hartrick <tim@...ecast.com>, Hugh Dickins <hughd@...gle.com>, Michel Lespinasse <walken@...gle.com>, Vlastimil Babka <vbabka@...e.cz> Subject: Re: [PATCH v3] mm: prevent endless growth of anon_vma hierarchy On Wed, 26 Nov 2014 15:05:59 -0600 Daniel Forrest <dan.forrest@...c.wisc.edu> wrote: > On Wed, Nov 26, 2014 at 10:11:45PM +0400, Konstantin Khlebnikov wrote: > > > Constantly forking task causes unlimited grow of anon_vma chain. > > Each next child allocate new level of anon_vmas and links vmas to all > > previous levels because it inherits pages from them. None of anon_vmas > > cannot be freed because there might be pages which points to them. > > > > This patch adds heuristic which decides to reuse existing anon_vma instead > > of forking new one. It counts vmas and direct descendants for each anon_vma. > > Anon_vma with degree lower than two will be reused at next fork. > > > > As a result each anon_vma has either alive vma or at least two descendants, > > endless chains are no longer possible and count of anon_vmas is no more than > > two times more than count of vmas. > > While I was working on the previous fix for this bug, Andrew Morton > noticed that the error return from anon_vma_clone() was being dropped > and replaced with -ENOMEM (which is not itself a bug because the only > error return value from anon_vma_clone() is -ENOMEM). > > I did an audit of callers of anon_vma_clone() and discovered an actual > bug where the error return was being lost. In __split_vma(), between > Linux 3.11 and 3.12 the code was changed so the err variable is used > before the call to anon_vma_clone() and the default initial value of > -ENOMEM is overwritten. So a failure of anon_vma_clone() will return > success since err at this point is now zero. > > Below is a patch which fixes this bug and also propagates the error > return value from anon_vma_clone() in all cases. > > I can send this as a separate patch, but maybe it would be easier if > you were to incorporate it into yours? > I grabbed it. A bugfix is a bugfix. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists