lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20160804144649.7ac4727ad0d93097c4055610@linux-foundation.org>
Date:	Thu, 4 Aug 2016 14:46:49 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc:	Geert Uytterhoeven <geert@...ux-m68k.org>,
	Michal Hocko <mhocko@...e.com>,
	Oleg Nesterov <oleg@...hat.com>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH/RFC] mm, oom: Fix uninitialized ret in
 task_will_free_mem()

On Thu, 4 Aug 2016 21:28:13 +0900 Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> wrote:

> > 
> > Fixes: 1af8bb43269563e4 ("mm, oom: fortify task_will_free_mem()")
> > Signed-off-by: Geert Uytterhoeven <geert@...ux-m68k.org>
> > ---
> > Untested. I'm not familiar with the code, hence the default value of
> > true was deducted from the logic in the loop (return false as soon as
> > __task_will_free_mem() has returned false).
> 
> I think ret = true is correct. Andrew, please send to linux.git.

task_will_free_mem() is too hard to understand.

We're examining task "A":

: 	for_each_process(p) {
: 		if (!process_shares_mm(p, mm))
: 			continue;
: 		if (same_thread_group(task, p))
: 			continue;

So here, we've found a process `p' which shares A's mm and which does
not share A's thread group.

: 		ret = __task_will_free_mem(p);

And here we check to see if killing `p' would free up memory.

: 		if (!ret)
: 			break;

If killing `p' will not free memory then give up the scan of all
processes because <reasons>, and we decide that killing `A' will
not free memory either, because some other task is holding onto
A's memory anyway.

: 	}

And if no task is found to be sharing A's mm while not sharing A's
thread group then fall through and decide to kill A.  In which case the
patch to return `true' is correct.

Correctish?  Maybe.  Can we please get some comments in there to
demystify the decision-making?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ