Date:	Mon, 03 Aug 2015 12:21:14 +0000 (GMT)
From:	GIRISH K S <ks.giri@...sung.com>
To:	Jerome Glisse <j.glisse@...il.com>,
	Girish KS <girishks2000@...il.com>
Cc:	Jérôme Glisse <jglisse@...hat.com>,
	Christophe Harle <charle@...dia.com>,
	Mark Hairgrove <mhairgrove@...dia.com>,
	Dave Airlie <airlied@...hat.com>,
	Arvind Gopalakrishnan <arvindg@...dia.com>,
	Jatin Kumar <jakumar@...dia.com>,
	"joro@...tes.org" <joro@...tes.org>,
	Greg Stoner <Greg.Stoner@....com>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	Cameron Buschardt <cabuschardt@...dia.com>,
	Rik van Riel <riel@...hat.com>,
	Paul Blinzer <Paul.Blinzer@....com>,
	Lucien Dunning <ldunning@...dia.com>,
	Johannes Weiner <jweiner@...hat.com>,
	Haggai Eran <haggaie@...lanox.com>,
	Michael Mantor <Michael.Mantor@....com>,
	Laurent Morichetti <Laurent.Morichetti@....com>,
	Larry Woodman <lwoodman@...hat.com>,
	John Hubbard <jhubbard@...dia.com>,
	Brendan Conoboy <blc@...hat.com>,
	John Bridgman <John.Bridgman@....com>,
	Subhash Gutti <sgutti@...dia.com>,
	Roland Dreier <roland@...estorage.com>,
	Duncan Poole <dpoole@...dia.com>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	Alexander Deucher <Alexander.Deucher@....com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Leonid Shamis <Leonid.Shamis@....com>,
	Sherry Cheung <SCheung@...dia.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Shachar Raindel <raindel@...lanox.com>,
	Liran Liss <liranl@...lanox.com>,
	Ben Sander <ben.sander@....com>,
	Joe Donohue <jdonohue@...hat.com>,
	Mel Gorman <mgorman@...e.de>, "H. Peter Anvin" <hpa@...or.com>,
	Peter Zijlstra <peterz@...radead.org>
Subject: Re: Re: [PATCH 05/15] HMM: introduce heterogeneous memory management
 v4.



------- Original Message -------
Sender : Jerome Glisse<j.glisse@...il.com>
Date : Aug 03, 2015 17:26 (GMT+05:30)
Title : Re: [PATCH 05/15] HMM: introduce heterogeneous memory management v4.

On Mon, Aug 03, 2015 at 01:20:13PM +0530, Girish KS wrote:
> On 18-Jul-2015 12:47 am, "Jérôme Glisse" wrote:
> >

[...]

> > +int hmm_mirror_register(struct hmm_mirror *mirror)
> > +{
> > +       struct mm_struct *mm = current->mm;
> > +       struct hmm *hmm = NULL;
> > +       int ret = 0;
> > +
> > +       /* Sanity checks. */
> > +       BUG_ON(!mirror);
> > +       BUG_ON(!mirror->device);
> > +       BUG_ON(!mm);
> > +
> > +       /*
> > +        * Initialize the mirror struct fields, the mlist init and del
> dance is
> > +        * necessary to make the error path easier for driver and for hmm.
> > +        */
> > +       kref_init(&mirror->kref);
> > +       INIT_HLIST_NODE(&mirror->mlist);
> > +       INIT_LIST_HEAD(&mirror->dlist);
> > +       spin_lock(&mirror->device->lock);
> > +       list_add(&mirror->dlist, &mirror->device->mirrors);
> > +       spin_unlock(&mirror->device->lock);
> > +
> > +       down_write(&mm->mmap_sem);
> > +
> > +       hmm = mm->hmm ? hmm_ref(hmm) : NULL;
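
Review bot: the last line of this hunk, `hmm = mm->hmm ? hmm_ref(hmm) : NULL;`, passes the local `hmm` to hmm_ref(), and that local is still NULL from its declaration `struct hmm *hmm = NULL;` because nothing assigns it in between, so the reference is never taken on the object the ternary just tested. Pass the field instead: `hmm = mm->hmm ? hmm_ref(mm->hmm) : NULL;`. A second, smaller point on the sanity checks at the top: BUG_ON(!mirror), BUG_ON(!mirror->device) and BUG_ON(!mm) bring the whole kernel down on a bad argument from a driver, and since the function already returns int, returning an error such as -EINVAL before the list_add() would let the caller fail cleanly.
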
> 
> Instead of hmm mm->hmm would be the right param to be passed.  Here even
> though mm->hmm is true hmm_ref returns NULL. Because hmm is not updated
> after initialization in the beginning.

ENOPARSE ? While this can be simplified to hmm = hmm_ref(mm->hmm); I do not
see what you mean. The mm struct might already have a valid hmm field set,
and that valid hmm struct might also already be in the process of being
destroyed. So hmm_ref() might either return the same hmm pointer if the hmm
object is not about to be released or NULL. But at this point there is no
certainty on the return value of hmm_ref().

I didn't mean hmm = hmm_ref(mm->hmm);. I'll try to put it in a better way. The hmm local variable is initialized to NULL at the start of the function (struct hmm *hmm = NULL;), and this is not modified till it is passed to hmm_ref. So hmm_ref would always return NULL irrespective of whether mm->hmm is NULL or a valid address.
So the statement hmm = mm->hmm ? hmm_ref(hmm) : NULL; should be replaced with hmm = mm->hmm ? hmm_ref(mm->hmm) : NULL;.
Also assume mm->hmm had a hmm object assigned to it before entering this function. Since hmm_ref(hmm) always returns NULL, the previously assigned mm->hmm address would be overwritten by the allocation and assignment that happen below in this function.

Note that because we have the mmap sem in write mode we know it is safe
to dereference mm->hmm and even to overwrite that field if it is being
destroyed concurrently.

Cheers,
Jérôme
