| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Dec 2017 16:59:18 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, chenjie <chenjie6@...wei.com>,
guoxuenan <guoxuenan@...wei.com>, Michal Hocko <mhocko@...e.com>,
Minchan Kim <minchan@...nel.org>,
"zhangyi (F)" <yi.zhang@...wei.com>, Miao Xie <miaoxie@...wei.com>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
Shaohua Li <shli@...com>,
Andrea Arcangeli <aarcange@...hat.com>,
Mel Gorman <mgorman@...hsingularity.net>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Anshuman Khandual <khandual@...ux.vnet.ibm.com>,
Rik van Riel <riel@...hat.com>,
Carsten Otte <cotte@...ibm.com>,
Dan Williams <dan.j.williams@...el.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH 3.18 04/12] mm/madvise.c: fix madvise() infinite loop under special circumstances
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: chenjie <chenjie6@...wei.com>
commit 6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 upstream.
MADVISE_WILLNEED has always been a noop for DAX (formerly XIP) mappings.
Unfortunately madvise_willneed() doesn't communicate this information
properly to the generic madvise syscall implementation. The calling
convention is quite subtle there. madvise_vma() is supposed to either
return an error or update &prev otherwise the main loop will never
advance to the next vma and it will keep looping for ever without a way
to get out of the kernel.
It seems this has been broken since introduction. Nobody has noticed
because nobody seems to be using MADVISE_WILLNEED on these DAX mappings.
[mhocko@...e.com: rewrite changelog]
Link: http://lkml.kernel.org/r/20171127115318.911-1-guoxuenan@huawei.com
Fixes: fe77ba6f4f97 ("[PATCH] xip: madvice/fadvice: execute in place")
Signed-off-by: chenjie <chenjie6@...wei.com>
Signed-off-by: guoxuenan <guoxuenan@...wei.com>
Acked-by: Michal Hocko <mhocko@...e.com>
Cc: Minchan Kim <minchan@...nel.org>
Cc: zhangyi (F) <yi.zhang@...wei.com>
Cc: Miao Xie <miaoxie@...wei.com>
Cc: Mike Rapoport <rppt@...ux.vnet.ibm.com>
Cc: Shaohua Li <shli@...com>
Cc: Andrea Arcangeli <aarcange@...hat.com>
Cc: Mel Gorman <mgorman@...hsingularity.net>
Cc: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
Cc: David Rientjes <rientjes@...gle.com>
Cc: Anshuman Khandual <khandual@...ux.vnet.ibm.com>
Cc: Rik van Riel <riel@...hat.com>
Cc: Carsten Otte <cotte@...ibm.com>
Cc: Dan Williams <dan.j.williams@...el.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
mm/madvise.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -221,9 +221,9 @@ static long madvise_willneed(struct vm_a
{
struct file *file = vma->vm_file;
+ *prev = vma;
#ifdef CONFIG_SWAP
if (!file || mapping_cap_swap_backed(file->f_mapping)) {
- *prev = vma;
if (!file)
force_swapin_readahead(vma, start, end);
else
@@ -241,7 +241,6 @@ static long madvise_willneed(struct vm_a
return 0;
}
- *prev = vma;
start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
if (end > vma->vm_end)
end = vma->vm_end;
Powered by blists - more mailing lists