| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_8709932EFAAED0CCB0A7DEC6F592C9465306@qq.com>
Date: Sat, 28 Sep 2024 16:21:18 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+1cd571a672400ef3a930@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [integrity?] [lsm?] possible deadlock in process_measurement (4)
security_mmap_file() don't require protection from mm->mmap_lock, so we can
remove it when calling security_mmap_file.
#syz test
diff --git a/mm/mmap.c b/mm/mmap.c
index dd4b35a25aeb..97f5b150080b 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1689,15 +1689,24 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
flags |= MAP_LOCKED;
file = get_file(vma->vm_file);
+
+ mmap_write_unlock(mm);
ret = security_mmap_file(vma->vm_file, prot, flags);
+ if (mmap_write_lock_killable(mm)) {
+ fput(file);
+ goto out_pop;
+ }
+
if (ret)
goto out_fput;
+
ret = do_mmap(vma->vm_file, start, size,
prot, flags, 0, pgoff, &populate, NULL);
out_fput:
fput(file);
out:
mmap_write_unlock(mm);
+out_pop:
if (populate)
mm_populate(ret, populate);
if (!IS_ERR_VALUE(ret))
Powered by blists - more mailing lists