| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240806221454.1971755-1-pasha.tatashin@soleen.com>
Date: Tue, 6 Aug 2024 22:14:53 +0000
From: Pasha Tatashin <pasha.tatashin@...een.com>
To: agordeev@...ux.ibm.com,
akpm@...ux-foundation.org,
alexghiti@...osinc.com,
aou@...s.berkeley.edu,
ardb@...nel.org,
arnd@...db.de,
bhe@...hat.com,
bjorn@...osinc.com,
borntraeger@...ux.ibm.com,
bp@...en8.de,
catalin.marinas@....com,
chenhuacai@...nel.org,
chenjiahao16@...wei.com,
christophe.leroy@...roup.eu,
dave.hansen@...ux.intel.com,
david@...hat.com,
dawei.li@...ngroup.cn,
gerald.schaefer@...ux.ibm.com,
gor@...ux.ibm.com,
hca@...ux.ibm.com,
hpa@...or.com,
kent.overstreet@...ux.dev,
kernel@...0n.name,
linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org,
linux-mm@...ck.org,
linuxppc-dev@...ts.ozlabs.org,
linux-riscv@...ts.infradead.org,
linux-s390@...r.kernel.org,
loongarch@...ts.linux.dev,
luto@...nel.org,
maobibo@...ngson.cn,
mark.rutland@....com,
mcgrof@...nel.org,
mingo@...hat.com,
mpe@...erman.id.au,
muchun.song@...ux.dev,
namcao@...utronix.de,
naveen@...nel.org,
npiggin@...il.com,
osalvador@...e.de,
palmer@...belt.com,
pasha.tatashin@...een.com,
paul.walmsley@...ive.com,
peterz@...radead.org,
philmd@...aro.org,
rdunlap@...radead.org,
rientjes@...gle.com,
rppt@...nel.org,
ryan.roberts@....com,
souravpanda@...gle.com,
svens@...ux.ibm.com,
tglx@...utronix.de,
tzimmermann@...e.de,
will@...nel.org,
x86@...nel.org
Subject: [PATCH 1/2] mm: update the memmap stat before page is freed
It is more logical to update the stat before the page is freed, to avoid
use after free scenarios.
Fixes: 15995a352474 ("mm: report per-page metadata information")
Signed-off-by: Pasha Tatashin <pasha.tatashin@...een.com>
---
mm/hugetlb_vmemmap.c | 4 ++--
mm/page_ext.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/mm/hugetlb_vmemmap.c b/mm/hugetlb_vmemmap.c
index 829112b0a914..fa83a7b38199 100644
--- a/mm/hugetlb_vmemmap.c
+++ b/mm/hugetlb_vmemmap.c
@@ -185,11 +185,11 @@ static int vmemmap_remap_range(unsigned long start, unsigned long end,
static inline void free_vmemmap_page(struct page *page)
{
if (PageReserved(page)) {
- free_bootmem_page(page);
mod_node_page_state(page_pgdat(page), NR_MEMMAP_BOOT, -1);
+ free_bootmem_page(page);
} else {
- __free_page(page);
mod_node_page_state(page_pgdat(page), NR_MEMMAP, -1);
+ __free_page(page);
}
}
diff --git a/mm/page_ext.c b/mm/page_ext.c
index c191e490c401..962d45eee1f8 100644
--- a/mm/page_ext.c
+++ b/mm/page_ext.c
@@ -330,18 +330,18 @@ static void free_page_ext(void *addr)
if (is_vmalloc_addr(addr)) {
page = vmalloc_to_page(addr);
pgdat = page_pgdat(page);
+ mod_node_page_state(pgdat, NR_MEMMAP,
+ -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
vfree(addr);
} else {
page = virt_to_page(addr);
pgdat = page_pgdat(page);
+ mod_node_page_state(pgdat, NR_MEMMAP,
+ -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
BUG_ON(PageReserved(page));
kmemleak_free(addr);
free_pages_exact(addr, table_size);
}
-
- mod_node_page_state(pgdat, NR_MEMMAP,
- -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
-
}
static void __free_page_ext(unsigned long pfn)
--
2.46.0.76.ge559c4bf1a-goog
Powered by blists - more mailing lists