[ 66/68] mm: Hold a file reference in madvise_remove

From: Greg Kroah-Hartman
Date: Thu Jul 12 2012 - 19:06:00 EST

Next message: Greg Kroah-Hartman: "[ 53/68] ipheth: add support for iPad"
Previous message: Greg Kroah-Hartman: "[ 62/68] memory hotplug: fix invalid memory access caused by stale kswapd pointer"
In reply to: Greg Kroah-Hartman: "[ 62/68] memory hotplug: fix invalid memory access caused by stale kswapd pointer"
Next in thread: Herton Ronaldo Krzesinski: "Re: [ 66/68] mm: Hold a file reference in madvise_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>

3.0-stable review patch. If anyone has any objections, please let me know.

------------------

From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>

commit 9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb upstream.

Otherwise the code races with munmap (causing a use-after-free
of the vma) or with close (causing a use-after-free of the struct
file).

The bug was introduced by commit 90ed52ebe481 ("[PATCH] holepunch: fix
mmap_sem i_mutex deadlock")

[bwh: Backported to 3.2:
- Adjust context
- madvise_remove() calls vmtruncate_range(), not do_fallocate()]
[luto: Backported to 3.0: Adjust context]

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[ 53/68] ipheth: add support for iPad"
Previous message: Greg Kroah-Hartman: "[ 62/68] memory hotplug: fix invalid memory access caused by stale kswapd pointer"
In reply to: Greg Kroah-Hartman: "[ 62/68] memory hotplug: fix invalid memory access caused by stale kswapd pointer"
Next in thread: Herton Ronaldo Krzesinski: "Re: [ 66/68] mm: Hold a file reference in madvise_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]