| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 May 2019 17:31:13 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: Minchan Kim <minchan@...nel.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
linux-mm <linux-mm@...ck.org>, Michal Hocko <mhocko@...e.com>,
Johannes Weiner <hannes@...xchg.org>,
Tim Murray <timmurray@...gle.com>,
Joel Fernandes <joel@...lfernandes.org>,
Suren Baghdasaryan <surenb@...gle.com>,
Daniel Colascione <dancol@...gle.com>,
Shakeel Butt <shakeelb@...gle.com>,
Sonny Rao <sonnyrao@...gle.com>,
Brian Geffon <bgeffon@...gle.com>
Subject: Re: [RFC 5/7] mm: introduce external memory hinting API
On 05/20, Minchan Kim wrote:
>
> + rcu_read_lock();
> + tsk = pid_task(pid, PIDTYPE_PID);
> + if (!tsk) {
> + rcu_read_unlock();
> + goto err;
> + }
> + get_task_struct(tsk);
> + rcu_read_unlock();
> + mm = mm_access(tsk, PTRACE_MODE_ATTACH_REALCREDS);
> + if (!mm || IS_ERR(mm)) {
> + ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
> + if (ret == -EACCES)
> + ret = -EPERM;
> + goto err;
> + }
> + ret = madvise_core(tsk, start, len_in, behavior);
IIUC, madvise_core(tsk) plays with tsk->mm->mmap_sem. But this tsk can exit and
nullify its ->mm right after mm_access() succeeds.
another problem is that pid_task(pid) can return a zombie leader, in this case
mm_access() will fail while it shouldn't.
Oleg.
Powered by blists - more mailing lists