Message-ID: <20160914153814.GA21284@redhat.com>
Date:   Wed, 14 Sep 2016 17:38:14 +0200
From:   Oleg Nesterov <oleg@...hat.com>
To:     Dave Hansen <dave.hansen@...el.com>
Cc:     Michal Hocko <mhocko@...nel.org>,
        Xiao Guangrong <guangrong.xiao@...ux.intel.com>,
        pbonzini@...hat.com, akpm@...ux-foundation.org,
        dan.j.williams@...el.com, gleb@...nel.org, mtosatti@...hat.com,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        stefanha@...hat.com, yuhuang@...hat.com, linux-mm@...ck.org,
        ross.zwisler@...ux.intel.com
Subject: Re: [PATCH v2] mm, proc: Fix region lost in /proc/self/smaps

On 09/13, Dave Hansen wrote:
>
> On 09/13/2016 07:59 AM, Oleg Nesterov wrote:
> > I agree. I don't even understand why this was considered as a bug.
> > Obviously, m_stop() which drops mmap_sem should not be called, or
> > all the threads should be stopped, if you want to trust the result.
>
> There was a mapping at a given address.  That mapping did not change, it
> was not split, its attributes did not change.  But, it didn't show up
> when reading smaps.  Folks _actually_ noticed this in a test suite
> looking for that address range in smaps.

I understand, and I won't argue with any change which makes the things
better. Just I do not think this is a real problem. And this patch can't
fix other oddities and it seems it adds another one (at least) although
I can easily misread this patch and/or the code.

So we change m_cache_vma(),

	-        m->version = m_next_vma(m->private, vma) ? vma->vm_start : -1UL;
	+        m->version = m_next_vma(m->private, vma) ? vma->vm_end : -1UL;
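
Review bot: the meaning of m->version changes on the `+` line, from the start of the VMA just shown to its end, and the line carries no comment saying so. A one-line comment in m_cache_vma() stating that the field now holds the address to resume from, with -1UL kept as the "no next VMA" marker, would let every other reader of the field be checked against the new meaning.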

OK, and another change in m_start()

	-        if (vma && (vma = m_next_vma(priv, vma)))
	+        if (vma)
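
Review bot: with the m_next_vma() step removed from the condition, the VMA that was looked up is returned as is, so a VMA that was already reported can be returned a second time. A comment at this `if (vma)` explaining why re-entering the same VMA is intended, and which part of it will be shown, would make that visible to the next reader.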

means that it can return the same vma if it grows in between.

show_map_vma() has another change

	+       start = max(vma->vm_start, start);
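
Review bot: after `start = max(vma->vm_start, start);` the address that gets printed can differ from vma->vm_start, so an output line may describe a range that is not a whole VMA. That is a user-visible change in what a line means and should be stated in a comment at this assignment and in the changelog, so that tools which treat each line as one mapping know about it.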

so it will be reported as _another_ vma, and this doesn't look exactly
right.

And after that *ppos will be falsely incremented... but probably this
doesn't matter because the "if (pos < mm->map_count)" logic in m_start()
looks broken anyway.

> IOW, we had goofy kernel behavior, and it broke a reasonable test
> program.  The test program just used fgets() to read into a fixed-length
> buffer, which is a completely normal thing to do.
>
> To get "sensible results", doesn't userspace have to somehow know in
> advance how many bytes of data a given VMA will generate in smaps output?

Yes, /proc/ has its limitations ;)

Even if you read, say, /proc/pid/status you can get the corrupted result
after the short read. But in this case fgets() should likely work, yes.


Dave, let me repeat, I won't argue with any change and in any case you
can safely ignore my opinion.

Oleg.
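
A userspace model of the resume logic discussed in this message, added here as an illustration (it is not part of the thread or the kernel source): it replays the `-` and `+` lines above over a constructed address space that changes between two short reads. Assumptions: the lookup follows `find_vma()` (first VMA whose end lies above the address), the `start` being clamped is the saved `m->version`, and the `*ppos` fallback and gate VMA are left out; `read_one` and `DONE` are names invented for the model.

```c
#include <stdio.h>

#define DONE (~0UL)                        /* the -1UL end marker */
struct vma { unsigned long start, end; };  /* covers [start, end) */

/* Contract of the kernel's find_vma(): first VMA with end > addr. */
static const struct vma *find_vma(const struct vma *v, int n, unsigned long addr)
{
    for (int i = 0; i < n; i++)
        if (v[i].end > addr)
            return &v[i];
    return NULL;
}

/* One short read: resume from *version, report one VMA in *out, save the new
 * position. patched=0 models the '-' lines, patched=1 the '+' lines. */
static int read_one(int patched, const struct vma *v, int n,
                    unsigned long *version, struct vma *out)
{
    const struct vma *cur = n ? v : NULL;  /* version 0: start at the top */
    if (*version == DONE)
        return 0;
    if (*version) {
        cur = find_vma(v, n, *version);
        if (cur && !patched)               /* old m_start(): m_next_vma() */
            cur = (cur + 1 < v + n) ? cur + 1 : NULL;
    }
    if (!cur)
        return 0;                          /* nothing left to report */
    *out = *cur;
    if (patched && *version > out->start)  /* start = max(vm_start, start) */
        out->start = *version;
    if (cur + 1 == v + n)                  /* no next VMA */
        *version = DONE;
    else
        *version = patched ? cur->end : cur->start;
    return 1;
}

int main(void)
{
    /* Constructed layout: the first VMA grows between two reads. */
    struct vma t0[] = {{0x1000, 0x2000}, {0x5000, 0x6000}};
    struct vma t1[] = {{0x1000, 0x3000}, {0x5000, 0x6000}};
    struct vma r;
    unsigned long ver = 0;
    for (const struct vma *as = t0; read_one(1, as, 2, &ver, &r); as = t1)
        printf("%lx-%lx\n", r.start, r.end);
    return 0;
}
```

With `patched=0` and the first VMA unmapped between reads, the unchanged VMA that follows it is skipped; with `patched=1` and the first VMA grown, its new tail comes out as a separate range.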
