lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <bde01dfd-3b32-a6cd-6cce-96f6fd395d0d@suse.cz>
Date:   Thu, 23 Nov 2017 09:05:30 +0100
From:   Vlastimil Babka <vbabka@...e.cz>
To:     Mike Kravetz <mike.kravetz@...cle.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Cc:     Joonsoo Kim <iamjoonsoo.kim@....com>,
        Michal Nazarewicz <mina86@...a86.com>,
        Michal Hocko <mhocko@...e.com>,
        Mel Gorman <mgorman@...hsingularity.net>,
        Johannes Weiner <hannes@...xchg.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        stable@...r.kernel.org
Subject: Re: [PATCH v2] mm/cma: fix alloc_contig_range ret code/potential leak

On 11/22/2017 07:52 PM, Mike Kravetz wrote:
> If the call __alloc_contig_migrate_range() in alloc_contig_range
> returns -EBUSY, processing continues so that test_pages_isolated()
> is called where there is a tracepoint to identify the busy pages.
> However, it is possible for busy pages to become available between
> the calls to these two routines.  In this case, the range of pages
> may be allocated.   Unfortunately, the original return code (ret
> == -EBUSY) is still set and returned to the caller.  Therefore,
> the caller believes the pages were not allocated and they are leaked.
> 
> Update comment to indicate that allocation is still possible even if
> __alloc_contig_migrate_range returns -EBUSY.  Also, clear return code
> in this case so that it is not accidentally used or returned to caller.
> 
> Fixes: 8ef5849fa8a2 ("mm/cma: always check which page caused allocation failure")
> Cc: <stable@...r.kernel.org>
> Signed-off-by: Mike Kravetz <mike.kravetz@...cle.com>

Acked-by: Vlastimil Babka <vbabka@...e.cz>

> ---
>  mm/page_alloc.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 77e4d3c5c57b..25e81844d1aa 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -7582,11 +7582,18 @@ int alloc_contig_range(unsigned long start, unsigned long end,
>  
>  	/*
>  	 * In case of -EBUSY, we'd like to know which page causes problem.
> -	 * So, just fall through. We will check it in test_pages_isolated().
> +	 * So, just fall through. test_pages_isolated() has a tracepoint
> +	 * which will report the busy page.
> +	 *
> +	 * It is possible that busy pages could become available before
> +	 * the call to test_pages_isolated, and the range will actually be
> +	 * allocated.  So, if we fall through be sure to clear ret so that
> +	 * -EBUSY is not accidentally used or returned to caller.
>  	 */
>  	ret = __alloc_contig_migrate_range(&cc, start, end);
>  	if (ret && ret != -EBUSY)
>  		goto done;
> +	ret =0;

             ^ missing space
>  
>  	/*
>  	 * Pages from [start, end) are within a MAX_ORDER_NR_PAGES
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ