lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200310104601.GB11561@kadam>
Date:   Tue, 10 Mar 2020 13:46:01 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     "Joel Fernandes (Google)" <joel@...lfernandes.org>
Cc:     linux-kernel@...r.kernel.org, devel@...verdev.osuosl.org,
        Todd Kjos <tkjos@...roid.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Arve Hjønnevåg <arve@...roid.com>,
        Martijn Coenen <maco@...roid.com>, surenb@...gle.com,
        Christian Brauner <christian@...uner.io>
Subject: Re: [RFC] ashmem: Fix ashmem shrinker nr_to_scan

On Thu, Mar 05, 2020 at 08:19:30PM -0500, Joel Fernandes (Google) wrote:
> nr_to_scan is the number of pages to be freed however ashmem doesn't
> discount nr_to_scan correctly as it frees ranges. It should be
> discounting them by pages than by ranges. Correct the issue.
> 
> Cc: surenb@...gle.com
> Signed-off-by: Joel Fernandes (Google) <joel@...lfernandes.org>
> ---
>  drivers/staging/android/ashmem.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
> index 5891d0744a760..cb525ea6db98a 100644
> --- a/drivers/staging/android/ashmem.c
> +++ b/drivers/staging/android/ashmem.c
> @@ -458,6 +458,8 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
>  		lru_del(range);
>  
>  		freed += range_size(range);
> +		sc->nr_to_scan -=  range_size(range);
                                 ^^
Two space characters.

In the old code we didn't *really* have to worry about sc->nr_to_scan
dropping to negative, but now we do.  ->nr_to_scan is unsigned so it
would be a high positive value now so it's maybe a forever loop?  I'm
too lazy to verify...

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ