lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240806221454.1971755-1-pasha.tatashin@soleen.com>
Date: Tue,  6 Aug 2024 22:14:53 +0000
From: Pasha Tatashin <pasha.tatashin@...een.com>
To: agordeev@...ux.ibm.com,
	akpm@...ux-foundation.org,
	alexghiti@...osinc.com,
	aou@...s.berkeley.edu,
	ardb@...nel.org,
	arnd@...db.de,
	bhe@...hat.com,
	bjorn@...osinc.com,
	borntraeger@...ux.ibm.com,
	bp@...en8.de,
	catalin.marinas@....com,
	chenhuacai@...nel.org,
	chenjiahao16@...wei.com,
	christophe.leroy@...roup.eu,
	dave.hansen@...ux.intel.com,
	david@...hat.com,
	dawei.li@...ngroup.cn,
	gerald.schaefer@...ux.ibm.com,
	gor@...ux.ibm.com,
	hca@...ux.ibm.com,
	hpa@...or.com,
	kent.overstreet@...ux.dev,
	kernel@...0n.name,
	linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	linux-mm@...ck.org,
	linuxppc-dev@...ts.ozlabs.org,
	linux-riscv@...ts.infradead.org,
	linux-s390@...r.kernel.org,
	loongarch@...ts.linux.dev,
	luto@...nel.org,
	maobibo@...ngson.cn,
	mark.rutland@....com,
	mcgrof@...nel.org,
	mingo@...hat.com,
	mpe@...erman.id.au,
	muchun.song@...ux.dev,
	namcao@...utronix.de,
	naveen@...nel.org,
	npiggin@...il.com,
	osalvador@...e.de,
	palmer@...belt.com,
	pasha.tatashin@...een.com,
	paul.walmsley@...ive.com,
	peterz@...radead.org,
	philmd@...aro.org,
	rdunlap@...radead.org,
	rientjes@...gle.com,
	rppt@...nel.org,
	ryan.roberts@....com,
	souravpanda@...gle.com,
	svens@...ux.ibm.com,
	tglx@...utronix.de,
	tzimmermann@...e.de,
	will@...nel.org,
	x86@...nel.org
Subject: [PATCH 1/2] mm: update the memmap stat before page is freed

It is more logical to update the stat before the page is freed, to avoid
use after free scenarios.

Fixes: 15995a352474 ("mm: report per-page metadata information")
Signed-off-by: Pasha Tatashin <pasha.tatashin@...een.com>
---
 mm/hugetlb_vmemmap.c | 4 ++--
 mm/page_ext.c        | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/mm/hugetlb_vmemmap.c b/mm/hugetlb_vmemmap.c
index 829112b0a914..fa83a7b38199 100644
--- a/mm/hugetlb_vmemmap.c
+++ b/mm/hugetlb_vmemmap.c
@@ -185,11 +185,11 @@ static int vmemmap_remap_range(unsigned long start, unsigned long end,
 static inline void free_vmemmap_page(struct page *page)
 {
 	if (PageReserved(page)) {
-		free_bootmem_page(page);
 		mod_node_page_state(page_pgdat(page), NR_MEMMAP_BOOT, -1);
+		free_bootmem_page(page);
 	} else {
-		__free_page(page);
 		mod_node_page_state(page_pgdat(page), NR_MEMMAP, -1);
+		__free_page(page);
 	}
 }
 
diff --git a/mm/page_ext.c b/mm/page_ext.c
index c191e490c401..962d45eee1f8 100644
--- a/mm/page_ext.c
+++ b/mm/page_ext.c
@@ -330,18 +330,18 @@ static void free_page_ext(void *addr)
 	if (is_vmalloc_addr(addr)) {
 		page = vmalloc_to_page(addr);
 		pgdat = page_pgdat(page);
+		mod_node_page_state(pgdat, NR_MEMMAP,
+				    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
 		vfree(addr);
 	} else {
 		page = virt_to_page(addr);
 		pgdat = page_pgdat(page);
+		mod_node_page_state(pgdat, NR_MEMMAP,
+				    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
 		BUG_ON(PageReserved(page));
 		kmemleak_free(addr);
 		free_pages_exact(addr, table_size);
 	}
-
-	mod_node_page_state(pgdat, NR_MEMMAP,
-			    -1L * (DIV_ROUND_UP(table_size, PAGE_SIZE)));
-
 }
 
 static void __free_page_ext(unsigned long pfn)
-- 
2.46.0.76.ge559c4bf1a-goog


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ