| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Nov 2017 10:19:46 +0100
From: Michal Hocko <mhocko@...nel.org>
To: Mike Kravetz <mike.kravetz@...cle.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Vlastimil Babka <vbabka@...e.cz>,
Michal Nazarewicz <mina86@...a86.com>,
Mel Gorman <mgorman@...hsingularity.net>,
Johannes Weiner <hannes@...xchg.org>,
Andrew Morton <akpm@...ux-foundation.org>,
stable@...r.kernel.org
Subject: Re: [PATCH v2] mm/cma: fix alloc_contig_range ret code/potential leak
On Wed 22-11-17 10:52:14, Mike Kravetz wrote:
> If the call __alloc_contig_migrate_range() in alloc_contig_range
> returns -EBUSY, processing continues so that test_pages_isolated()
> is called where there is a tracepoint to identify the busy pages.
> However, it is possible for busy pages to become available between
> the calls to these two routines. In this case, the range of pages
> may be allocated. Unfortunately, the original return code (ret
> == -EBUSY) is still set and returned to the caller. Therefore,
> the caller believes the pages were not allocated and they are leaked.
>
> Update comment to indicate that allocation is still possible even if
> __alloc_contig_migrate_range returns -EBUSY. Also, clear return code
> in this case so that it is not accidentally used or returned to caller.
>
> Fixes: 8ef5849fa8a2 ("mm/cma: always check which page caused allocation failure")
> Cc: <stable@...r.kernel.org>
> Signed-off-by: Mike Kravetz <mike.kravetz@...cle.com>
OK, this one looks reasonable as well.
Acked-by: Michal Hocko <mhocko@...e.com>
Thanks!
> ---
> mm/page_alloc.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 77e4d3c5c57b..25e81844d1aa 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -7582,11 +7582,18 @@ int alloc_contig_range(unsigned long start, unsigned long end,
>
> /*
> * In case of -EBUSY, we'd like to know which page causes problem.
> - * So, just fall through. We will check it in test_pages_isolated().
> + * So, just fall through. test_pages_isolated() has a tracepoint
> + * which will report the busy page.
> + *
> + * It is possible that busy pages could become available before
> + * the call to test_pages_isolated, and the range will actually be
> + * allocated. So, if we fall through be sure to clear ret so that
> + * -EBUSY is not accidentally used or returned to caller.
> */
> ret = __alloc_contig_migrate_range(&cc, start, end);
> if (ret && ret != -EBUSY)
> goto done;
> + ret =0;
>
> /*
> * Pages from [start, end) are within a MAX_ORDER_NR_PAGES
> --
> 2.13.6
>
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists