Message-Id: <20160919115519.1c12bb3c0215260e20f9b1cb@linux-foundation.org>
Date: Mon, 19 Sep 2016 11:55:19 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: David Rientjes <rientjes@...gle.com>
Cc: linux-kernel@...r.kernel.org, vegard.nossum@...cle.com,
aryabinin@...tuozzo.com, dvyukov@...gle.com, glider@...gle.com
Subject: Re: + stackdepot-fix-mempolicy-use-after-free.patch added to -mm tree
On Wed, 24 Aug 2016 18:08:08 -0700 (PDT) David Rientjes <rientjes@...gle.com> wrote:
> > diff -puN lib/stackdepot.c~stackdepot-fix-mempolicy-use-after-free lib/stackdepot.c
> > --- a/lib/stackdepot.c~stackdepot-fix-mempolicy-use-after-free
> > +++ a/lib/stackdepot.c
> > @@ -243,6 +243,12 @@ depot_stack_handle_t depot_save_stack(st
> > alloc_flags &= ~GFP_ZONEMASK;
> > alloc_flags &= (GFP_ATOMIC | GFP_KERNEL);
> > alloc_flags |= __GFP_NOWARN;
> > + /*
> > + * Avoid using current->mempolicy which may already have
> > + * been freed -- we may be in the process of saving the
> > + * stack for exactly that __mpol_put() call.
> > + */
> > + alloc_flags |= __GFP_THISNODE;
> > page = alloc_pages(alloc_flags, STACK_ALLOC_ORDER);
> > if (page)
> > prealloc = page_address(page);
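Review bot: the `alloc_flags |= __GFP_THISNODE;` line pins the preallocation to the local node with no fallback, so `depot_save_stack()` will now fail to preallocate under local-node memory pressure where it previously could have been satisfied from another node; that is a bigger behavioural change than the use-after-free fix needs. The only thing the hunk has to achieve is to stop `alloc_pages()` from dereferencing `current->mempolicy`, and `alloc_pages_node(NUMA_NO_NODE, alloc_flags, STACK_ALLOC_ORDER)` does that without restricting the node, because it goes through the node-id allocation path rather than the policy path. If the call is switched, the new comment block should be reworded to explain why `alloc_pages_node()` is used in place of `alloc_pages()`; as written it justifies `__GFP_THISNODE` and would become stale.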
>
> This is wrong, it unnecessarily restricts the allocation to a local node
> and has a greater chance to fail. Passing __GFP_THISNODE here is only an
> implementation detail of mempolicies to avoid reference to freed policy.
> It is easy to fix by using alloc_pages_node(NUMA_NO_NODE, alloc_flags,
> STACK_ALLOC_ORDER) instead of alloc_pages() directly.
Any volunteers to test and send the patch?