| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201009121220.GM5177@ziepe.ca>
Date: Fri, 9 Oct 2020 09:12:20 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: christian.koenig@....com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, linaro-mm-sig@...ts.linaro.org,
dri-devel@...ts.freedesktop.org, linux-media@...r.kernel.org,
chris@...is-wilson.co.uk, airlied@...hat.com,
akpm@...ux-foundation.org, sumit.semwal@...aro.org
Subject: Re: [PATCH 1/4] mm: introduce vma_set_file function v2
On Fri, Oct 09, 2020 at 09:39:00AM +0200, Daniel Vetter wrote:
> I just noticed this here in the patch because everyone else does not do
> this. But looking at the mmap_region() code in mmap.c we seem to indeed
> have this problem for the error path:
>
> unmap_and_free_vma:
> vma->vm_file = NULL;
> fput(file);
>
> Note that the success path does things correctly (a bit above):
>
> file = vma->vm_file;
> out:
>
> So it indeed looks like dma-buf is the only one that does this fully
> correctly. So maybe we should do a follow-up patch to change the
> mmap_region exit code to pick up whatever vma->vm_file was set instead,
> and fput that?
Given that this new vma_set_file() should be the only way to
manipulate vm_file from the mmap op, I think this reflects a bug in
mm/mmap.c.. Should be:
unmap_and_free_vma:
fput(vma->vm_file);
vma->vm_file = NULL;
Then everything works the way you'd expect without tricky error
handling
Jason
Powered by blists - more mailing lists