Re: [ 66/68] mm: Hold a file reference in madvise_remove
On Thu, Jul 12, 2012 at 04:02:40PM -0700, Greg Kroah-Hartman wrote:
> From: Greg KH
>
> 3.0-stable review patch. If anyone has any objections, please let me know.
>
> --
>
> From: Andy Lutomirski
>
> commit 9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb upstream.
>
> Otherwise the code races with munmap (causing a use-after-free
> of the vma) or with close (causing a use-after-free of the struct
> file).
>
> The bug was introduced by commit 90ed52ebe481 ("[PATCH] holepunch: fix
> mmap_sem i_mutex deadlock")
>
> [bwh: Backported to 3.2:
> - Adjust context
> - madvise_remove() calls vmtruncate_range(), not do_fallocate()]
> [luto: Backported to 3.0: Adjust context]
Didn't want to be annoying, but as I went looking sequentially,
I found missing diffs one by one... anyway this should be the last.
>
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
[]'s
Herton
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[ 66/68] mm: Hold a file reference in madvise_remove
From: Greg KH
3.0-stable review patch. If anyone has any objections, please let me know.
--
From: Andy Lutomirski
commit 9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb upstream.
Otherwise the code races with munmap (causing a use-after-free
of the vma) or with close (causing a use-after-free of the struct
file).
The bug was introduced by commit 90ed52ebe481 ("[PATCH] holepunch: fix
mmap_sem i_mutex deadlock")
[bwh: Backported to 3.2:
- Adjust context
- madvise_remove() calls vmtruncate_range(), not do_fallocate()]
[luto: Backported to 3.0: Adjust context]
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ 66/68] mm: Hold a file reference in madvise_remove
On Thu, Jul 12, 2012 at 04:02:40PM -0700, Greg Kroah-Hartman wrote: From: Greg KH gre...@linuxfoundation.org 3.0-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski l...@amacapital.net commit 9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb upstream. Otherwise the code races with munmap (causing a use-after-free of the vma) or with close (causing a use-after-free of the struct file). The bug was introduced by commit 90ed52ebe481 ([PATCH] holepunch: fix mmap_sem i_mutex deadlock) [bwh: Backported to 3.2: - Adjust context - madvise_remove() calls vmtruncate_range(), not do_fallocate()] [luto: Backported to 3.0: Adjust context] Didn't want to be annoying, but as I went looking sequentially, I found missing diffs one by one... anyway this should be the last. -- To unsubscribe from this list: send the line unsubscribe stable in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- []'s Herton -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[ 66/68] mm: Hold a file reference in madvise_remove
From: Greg KH gre...@linuxfoundation.org 3.0-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski l...@amacapital.net commit 9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb upstream. Otherwise the code races with munmap (causing a use-after-free of the vma) or with close (causing a use-after-free of the struct file). The bug was introduced by commit 90ed52ebe481 ([PATCH] holepunch: fix mmap_sem i_mutex deadlock) [bwh: Backported to 3.2: - Adjust context - madvise_remove() calls vmtruncate_range(), not do_fallocate()] [luto: Backported to 3.0: Adjust context] -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
