Date: Tue, 22 Mar 2022 09:08:08 +0100
From: Michal Hocko <mhocko@...e.com>
To: Miaohe Lin <linmiaohe@...wei.com>
Cc: akpm@...ux-foundation.org, kosaki.motohiro@...fujitsu.com, mgorman@...e.de, linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] mm/mempolicy: fix mpol_new leak in shared_policy_replace

On Tue 22-03-22 09:50:35, Miaohe Lin wrote:
> On 2022/3/21 20:12, Michal Hocko wrote:
> > On Tue 22-03-22 16:34:56, Miaohe Lin wrote:
> >> If mpol_new is allocated but not used in restart loop, mpol_new will be
> >> freed via mpol_put before returning to the caller. But refcnt is not
> >> initialized yet, so mpol_put could not do the right things and might leak
> >> the unused mpol_new.
> >
> > I would just add:
> >
> > This would happen if mempolicy was updated on the shared shmem file
> > while the sp->lock has been dropped during the memory allocation.
> >
>
> Do you mean the below commit log?
>
> """
> If mpol_new is allocated but not used in restart loop, mpol_new will be
> freed via mpol_put before returning to the caller. But refcnt is not
> initialized yet, so mpol_put could not do the right things and might leak
> the unused mpol_new. This would happen if mempolicy was updated on the
> shared shmem file while the sp->lock has been dropped during the memory
> allocation.
>
> This issue could be triggered easily with the below code snippet if
> there're many processes doing the below work at the same time:
>
> shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);
> shm = shmat(shmid, 0, 0);
> loop many times {
>     mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);
>     mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,
>           maxnode, 0);
> }
> """

Yes, LGTM. Thanks!
-- 
Michal Hocko
SUSE Labs
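The reproducer sketched in the quoted commit log, written out as a complete program. This is an added example, not the patch author's code or anything from the kernel tree: it assumes Linux with CONFIG_NUMA, calls mbind(2) through syscall(2) rather than libnuma, uses IPC_PRIVATE instead of the fixed key 5566 so it cannot collide with another user of that key, and its helper names (do_mbind, mbind_loop, repro_unsupported, run_reproducer) are its own. Several forked workers repeat the same two steps on one shared segment: a whole-range MPOL_LOCAL mbind() followed by a sub-range MPOL_DEFAULT mbind(), which is the split-with-allocation path the commit log describes racing against a concurrent policy update.

```c
/* Reproducer for the mpol_new leak in shared_policy_replace(), written out from the
 * snippet in the commit log quoted above. Added example, not the patch author's code.
 * Assumes Linux with CONFIG_NUMA, mbind(2) via syscall(2) instead of libnuma, and
 * IPC_PRIVATE instead of the fixed key 5566; the helper names are ours. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#define REPRO_MPOL_DEFAULT 0 /* mode numbers from the UAPI header linux/mempolicy.h */
#define REPRO_MPOL_LOCAL   4

/* mbind(2) via the raw syscall; NULL/0 is the empty node set these two modes require. */
static int do_mbind(void *addr, size_t len, int mode)
{
    return syscall(SYS_mbind, addr, len, mode, NULL, 0UL, 0U) == 0 ? 0 : -errno;
}

/* One worker: the loop from the commit log. Returns 0 or the first failure as -errno. */
int mbind_loop(void *shm, size_t pages, int iters)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    if (!shm || iters < 1)
        return -EINVAL;
    for (int i = 0; i < iters; i++) {
        int rc = do_mbind(shm, pages * pg, REPRO_MPOL_LOCAL); /* whole segment */
        if (rc)
            return rc;
        /* Resetting a sub-range splits the node spanning it; the split needs a new
         * node and mempolicy, and that allocation is where sp->lock is dropped. */
        rc = do_mbind((char *)shm + 128 * pg, 128 * pg, REPRO_MPOL_DEFAULT);
        if (rc)
            return rc;
    }
    return 0;
}

/* Environment limit, not a defect here: NUMA absent or the syscall filtered (ENOSYS,
 * EPERM), or SysV shm unavailable / over its limits (EACCES, ENOMEM, ENOSPC). */
int repro_unsupported(int rc)
{
    switch (-rc) {
    case ENOSYS: case EPERM: case EACCES: case ENOMEM: case ENOSPC: return 1;
    default: return 0;
    }
}

/* nproc forked workers hammer one fresh segment of `pages` pages concurrently.
 * Returns 0 when every worker finished its loop, else -errno. */
int run_reproducer(int nproc, size_t pages, int iters)
{
    int shmid, status, result = 0;
    void *shm;
    if (nproc < 1 || pages < 256 || iters < 1)
        return -EINVAL;
    shmid = shmget(IPC_PRIVATE, pages * (size_t)sysconf(_SC_PAGESIZE), 0600 | IPC_CREAT);
    if (shmid < 0)
        return -errno;
    shm = shmat(shmid, NULL, 0);
    if (shm == (void *)-1)
        result = -errno;
    shmctl(shmid, IPC_RMID, NULL); /* segment is freed at the last detach */
    if (result)
        return result;
    for (int i = 0; i < nproc; i++) {
        pid_t pid = fork();
        if (pid < 0) {
            result = -errno;
            break;
        }
        if (pid == 0) /* child: exit status carries the errno, 0 on success */
            _exit(-mbind_loop(shm, pages, iters));
    }
    while (wait(&status) > 0) {
        if (!result && WIFEXITED(status))
            result = -WEXITSTATUS(status);
        else if (!result && WIFSIGNALED(status)) /* SIGSYS: a seccomp filter killed it */
            result = WTERMSIG(status) == SIGSYS ? -EPERM : -EINTR;
    }
    shmdt(shm);
    return result;
}

int main(int argc, char **argv)
{
    int rc = run_reproducer(argc > 1 ? atoi(argv[1]) : 8, 1024, argc > 2 ? atoi(argv[2]) : 100000);
    if (rc)
        fprintf(stderr, "%s (errno %d)\n", repro_unsupported(rc) ? "unsupported here" : "failed", -rc);
    else
        puts("done; compare the numa_policy line of /proc/slabinfo before and after");
    return rc != 0;
}
```

Build with `cc -O2 -o mpol_repro mpol_repro.c` and run it with the worker count and iteration count as arguments. On an unfixed kernel the unused mpol_new objects are never returned to the numa_policy slab cache, so the active-object count on that line of /proc/slabinfo keeps climbing across runs; with the fix applied it returns to its starting value once the workers exit. In a container whose seccomp profile filters mbind (Docker's default profile does) the program reports "unsupported here" with EPERM rather than exercising the race, and repro_unsupported() lets a caller tell that apart from a genuine failure.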