| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Feb 2020 15:39:41 -0800
From: Minchan Kim <minchan@...nel.org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>, linux-mm <linux-mm@...ck.org>,
linux-api@...r.kernel.org, oleksandr@...hat.com,
Suren Baghdasaryan <surenb@...gle.com>,
Tim Murray <timmurray@...gle.com>,
Daniel Colascione <dancol@...gle.com>,
Sandeep Patil <sspatil@...gle.com>,
Sonny Rao <sonnyrao@...gle.com>,
Brian Geffon <bgeffon@...gle.com>,
Michal Hocko <mhocko@...e.com>,
Johannes Weiner <hannes@...xchg.org>,
Shakeel Butt <shakeelb@...gle.com>,
John Dias <joaodias@...gle.com>,
Joel Fernandes <joel@...lfernandes.org>,
Alexander Duyck <alexander.h.duyck@...ux.intel.com>,
Minchan Kim <minchan@...nel.org>,
Oleg Nesterov <oleg@...hat.com>
Subject: [PATCH v4 3/8] mm: validate mm in do_madvise
Oleg pointed out mm could be nulllified right after mm_access succeeds.
This patch validates it before the using.
Cc: Oleg Nesterov <oleg@...hat.com>
Signed-off-by: Minchan Kim <minchan@...nel.org>
---
mm/madvise.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/mm/madvise.c b/mm/madvise.c
index 8611f1d39289..bb04c7897eb9 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -1073,7 +1073,11 @@ int do_madvise(struct task_struct *task, unsigned long start,
int write;
size_t len;
struct blk_plug plug;
- struct mm_struct *mm = task->mm;
+ struct mm_struct *mm = READ_ONCE(task->mm);
+
+ /* task can exit and nullify its ->mm right after mm_access() */
+ if (!mm)
+ return -ESRCH;
start = untagged_addr(start);
--
2.25.0.225.g125e21ebc7-goog
Powered by blists - more mailing lists