| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Feb 2020 09:25:11 -0800
From: Matthew Wilcox <willy@...radead.org>
To: Qian Cai <cai@....pw>
Cc: akpm@...ux-foundation.org, elver@...gle.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next] mm/filemap: fix a data race in filemap_fault()
On Mon, Feb 10, 2020 at 12:00:29PM -0500, Qian Cai wrote:
> @@ -2622,7 +2622,7 @@ void filemap_map_pages(struct vm_fault *vmf,
> if (page->index >= max_idx)
> goto unlock;
>
> - if (file->f_ra.mmap_miss > 0)
> + if (data_race(file->f_ra.mmap_miss > 0))
> file->f_ra.mmap_miss--;
How is this safe? Two threads can each see 1, and then both decrement the
in-memory copy, causing it to end up at -1.
Powered by blists - more mailing lists