Re: [PATCH] mm: pagewalk: prevent positive return value of walk_page_test() from being passed to callers (Re: [PATCH] mm: fix do_mbind return value)
On Thu, 5 Mar 2015, Naoya Horiguchi wrote:
> walk_page_test() is purely pagewalk's internal stuff, and its positive return
> values are not intended to be passed to the callers of pagewalk. However, in
> the current code if the last vma in the do-while loop in walk_page_range()
> happens to return a positive value, it leaks outside walk_page_range().
> So the user visible effect is invalid/unexpected return value (according to
> the reporter, mbind() causes it.)
>
> This patch fixes it simply by reinitializing the return value after checked.
>
> Another exposed interface, walk_page_vma(), already returns 0 for such cases
> so no problem.
>
> Fixes: 6f4576e3687b ("mempolicy: apply page table walker on
> queue_pages_range()")
> Reported-by: Kazutomo Yoshii
> Signed-off-by: Naoya Horiguchi
Acked-by: David Rientjes
This is exactly what I had in mind, thanks for fixing it up so fast!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] mm: pagewalk: prevent positive return value of walk_page_test() from being passed to callers (Re: [PATCH] mm: fix do_mbind return value)
> > From 107fa3fb256bddff40a882c90af717af9863aed7 Mon Sep 17 00:00:00 2001
> > From: Naoya Horiguchi
> > Date: Thu, 5 Mar 2015 16:37:37 +0900
> > Subject: [PATCH] mm: pagewalk: prevent positive return value of
> > walk_page_test() from being passed to callers
> >
> > walk_page_test() is purely pagewalk's internal stuff, and its positive
> > return
> > values are not intended to be passed to the callers of pagewalk. However, in
> > the current code if the last vma in the do-while loop in walk_page_range()
> > happens to return a positive value, it leaks outside walk_page_range().
> > So the user visible effect is invalid/unexpected return value (according to
> > the reporter, mbind() causes it.)
> >
> > This patch fixes it simply by reinitializing the return value after checked.
> >
> > Another exposed interface, walk_page_vma(), already returns 0 for such cases
> > so no problem.
> >
> > Fixes: 6f4576e3687b ("mempolicy: apply page table walker on
> > queue_pages_range()")
>
> This is not a right tag. To be precise, the bug was introduced by commit
> fafaa4264eba ("pagewalk: improve vma handling"), so
>
> Fixes fafaa4264eba ("pagewalk: improve vma handling")
>
> is right.
>
> Thanks,
> Naoya Horiguchi
>
> > Reported-by: Kazutomo Yoshii
Ah, I might be a kind of rude, the original idea was posted by Yoshii-san,
and I changed it, so I may as well add his Signed-off-by (additional to
Reported-by) ?--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] mm: pagewalk: prevent positive return value of walk_page_test() from being passed to callers (Re: [PATCH] mm: fix do_mbind return value)
On Thu, Mar 05, 2015 at 08:02:27AM +, Horiguchi Naoya(堀口 直也) wrote:
...
> ---
> From 107fa3fb256bddff40a882c90af717af9863aed7 Mon Sep 17 00:00:00 2001
> From: Naoya Horiguchi
> Date: Thu, 5 Mar 2015 16:37:37 +0900
> Subject: [PATCH] mm: pagewalk: prevent positive return value of
> walk_page_test() from being passed to callers
>
> walk_page_test() is purely pagewalk's internal stuff, and its positive return
> values are not intended to be passed to the callers of pagewalk. However, in
> the current code if the last vma in the do-while loop in walk_page_range()
> happens to return a positive value, it leaks outside walk_page_range().
> So the user visible effect is invalid/unexpected return value (according to
> the reporter, mbind() causes it.)
>
> This patch fixes it simply by reinitializing the return value after checked.
>
> Another exposed interface, walk_page_vma(), already returns 0 for such cases
> so no problem.
>
> Fixes: 6f4576e3687b ("mempolicy: apply page table walker on
> queue_pages_range()")
This is not a right tag. To be precise, the bug was introduced by commit
fafaa4264eba ("pagewalk: improve vma handling"), so
Fixes fafaa4264eba ("pagewalk: improve vma handling")
is right.
Thanks,
Naoya Horiguchi
> Reported-by: Kazutomo Yoshii
> Signed-off-by: Naoya Horiguchi
> ---
> mm/pagewalk.c | 9 -
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/mm/pagewalk.c b/mm/pagewalk.c
> index 75c1f2878519..29f2f8b853ae 100644
> --- a/mm/pagewalk.c
> +++ b/mm/pagewalk.c
> @@ -265,8 +265,15 @@ int walk_page_range(unsigned long start, unsigned long
> end,
> vma = vma->vm_next;
>
> err = walk_page_test(start, next, walk);
> - if (err > 0)
> + if (err > 0) {
> + /*
> + * positive return values are purely for
> + * controlling the pagewalk, so should never
> + * be passed to the callers.
> + */
> + err = 0;
> continue;
> + }
> if (err < 0)
> break;
> }
> --
> 1.9.3
>
Re: [PATCH] mm: pagewalk: prevent positive return value of walk_page_test() from being passed to callers (Re: [PATCH] mm: fix do_mbind return value)
On Thu, 5 Mar 2015, Naoya Horiguchi wrote: walk_page_test() is purely pagewalk's internal stuff, and its positive return values are not intended to be passed to the callers of pagewalk. However, in the current code if the last vma in the do-while loop in walk_page_range() happens to return a positive value, it leaks outside walk_page_range(). So the user visible effect is invalid/unexpected return value (according to the reporter, mbind() causes it.) This patch fixes it simply by reinitializing the return value after checked. Another exposed interface, walk_page_vma(), already returns 0 for such cases so no problem. Fixes: 6f4576e3687b (mempolicy: apply page table walker on queue_pages_range()) Reported-by: Kazutomo Yoshii kazutomo.yos...@gmail.com Signed-off-by: Naoya Horiguchi n-horigu...@ah.jp.nec.com Acked-by: David Rientjes rient...@google.com This is exactly what I had in mind, thanks for fixing it up so fast! -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] mm: pagewalk: prevent positive return value of walk_page_test() from being passed to callers (Re: [PATCH] mm: fix do_mbind return value)
From 107fa3fb256bddff40a882c90af717af9863aed7 Mon Sep 17 00:00:00 2001 From: Naoya Horiguchi n-horigu...@ah.jp.nec.com Date: Thu, 5 Mar 2015 16:37:37 +0900 Subject: [PATCH] mm: pagewalk: prevent positive return value of walk_page_test() from being passed to callers walk_page_test() is purely pagewalk's internal stuff, and its positive return values are not intended to be passed to the callers of pagewalk. However, in the current code if the last vma in the do-while loop in walk_page_range() happens to return a positive value, it leaks outside walk_page_range(). So the user visible effect is invalid/unexpected return value (according to the reporter, mbind() causes it.) This patch fixes it simply by reinitializing the return value after checked. Another exposed interface, walk_page_vma(), already returns 0 for such cases so no problem. Fixes: 6f4576e3687b (mempolicy: apply page table walker on queue_pages_range()) This is not a right tag. To be precise, the bug was introduced by commit fafaa4264eba (pagewalk: improve vma handling), so Fixes fafaa4264eba (pagewalk: improve vma handling) is right. Thanks, Naoya Horiguchi Reported-by: Kazutomo Yoshii kazutomo.yos...@gmail.com Ah, I might be a kind of rude, the original idea was posted by Yoshii-san, and I changed it, so I may as well add his Signed-off-by (additional to Reported-by) ?-- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] mm: pagewalk: prevent positive return value of walk_page_test() from being passed to callers (Re: [PATCH] mm: fix do_mbind return value)
On Thu, Mar 05, 2015 at 08:02:27AM +, Horiguchi Naoya(堀口 直也) wrote:
...
---
From 107fa3fb256bddff40a882c90af717af9863aed7 Mon Sep 17 00:00:00 2001
From: Naoya Horiguchi n-horigu...@ah.jp.nec.com
Date: Thu, 5 Mar 2015 16:37:37 +0900
Subject: [PATCH] mm: pagewalk: prevent positive return value of
walk_page_test() from being passed to callers
walk_page_test() is purely pagewalk's internal stuff, and its positive return
values are not intended to be passed to the callers of pagewalk. However, in
the current code if the last vma in the do-while loop in walk_page_range()
happens to return a positive value, it leaks outside walk_page_range().
So the user visible effect is invalid/unexpected return value (according to
the reporter, mbind() causes it.)
This patch fixes it simply by reinitializing the return value after checked.
Another exposed interface, walk_page_vma(), already returns 0 for such cases
so no problem.
Fixes: 6f4576e3687b (mempolicy: apply page table walker on
queue_pages_range())
This is not a right tag. To be precise, the bug was introduced by commit
fafaa4264eba (pagewalk: improve vma handling), so
Fixes fafaa4264eba (pagewalk: improve vma handling)
is right.
Thanks,
Naoya Horiguchi
Reported-by: Kazutomo Yoshii kazutomo.yos...@gmail.com
Signed-off-by: Naoya Horiguchi n-horigu...@ah.jp.nec.com
---
mm/pagewalk.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/mm/pagewalk.c b/mm/pagewalk.c
index 75c1f2878519..29f2f8b853ae 100644
--- a/mm/pagewalk.c
+++ b/mm/pagewalk.c
@@ -265,8 +265,15 @@ int walk_page_range(unsigned long start, unsigned long
end,
vma = vma-vm_next;
err = walk_page_test(start, next, walk);
- if (err 0)
+ if (err 0) {
+ /*
+ * positive return values are purely for
+ * controlling the pagewalk, so should never
+ * be passed to the callers.
+ */
+ err = 0;
continue;
+ }
if (err 0)
break;
}
--
1.9.3
