Re: [PATCH] proc: put check_mem_permission before __get_free_page in mem_read

From: Hugh Dickins
Date: Tue Apr 26 2011 - 16:19:43 EST


On Tue, 26 Apr 2011, KOSAKI Motohiro wrote:
>
> From 74f827ce74e1c4f846905e940edfa5f639b5a2ce Mon Sep 17 00:00:00 2001
> From: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
> Date: Tue, 26 Apr 2011 13:57:02 +0900
> Subject: [PATCH] [PATCH] proc: put check_mem_permission after __get_free_page in mem_write
>
> It should be better if put check_mem_permission after __get_free_page
> in mem_write, to be same as function mem_read.
>
> Hugh Dickins explained the reason.
>
> check_mem_permission gets a reference to the mm. If we __get_free_page
> after check_mem_permission, imagine what happens if the system is out
> of memory, and the mm we're looking at is selected for killing by the
> OOM killer: while we wait in __get_free_page for more memory, no memory
> is freed from the selected mm because it cannot reach exit_mmap while
> we hold that reference.
>
>
> Reported-by: Jovi Zhang <bookjovi@xxxxxxxxx>
> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
> Cc: Hugh Dickins <hughd@xxxxxxxxxx>
> Cc: Stephen Wilson <wilsons@xxxxxxxx>

Thank you, yes!

Acked-by: Hugh Dickins <hughd@xxxxxxxxxx>

> ---
> fs/proc/base.c | 16 +++++++++-------
> 1 files changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 4deef2e..e93be6e 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -894,20 +894,20 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
> if (!task)
> goto out_no_task;
>
> + copied = -ENOMEM;
> + page = (char *)__get_free_page(GFP_TEMPORARY);
> + if (!page)
> + goto out_task;
> +
> mm = check_mem_permission(task);
> copied = PTR_ERR(mm);
> if (IS_ERR(mm))
> - goto out_task;
> + goto out_free;
>
> copied = -EIO;
> if (file->private_data != (void *)((long)current->self_exec_id))
> goto out_mm;
>
> - copied = -ENOMEM;
> - page = (char *)__get_free_page(GFP_TEMPORARY);
> - if (!page)
> - goto out_mm;
> -
> copied = 0;
> while (count > 0) {
> int this_len, retval;
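Review bot: the reordering in this hunk deserves a short comment in the code next to the moved `__get_free_page()` call, because the ordering is the whole point of the fix and nothing in the source now explains it. The new sequence (allocate the page first, then `check_mem_permission()`) means the allocator's potential wait for memory no longer happens while holding the mm reference, so an OOM-selected mm is free to reach `exit_mmap`. The error path is consistent: `-ENOMEM` before the allocation, the `PTR_ERR(mm)` value overwriting `copied` afterwards, and `goto out_free` releasing the page on permission failure. A one-line comment such as "allocate before taking the mm reference so an OOM-selected mm can still exit" would stop a later cleanup from reordering the calls back.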
> @@ -929,9 +929,11 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
> count -= retval;
> }
> *ppos = dst;
> - free_page((unsigned long) page);
> +
> out_mm:
> mmput(mm);
> +out_free:
> + free_page((unsigned long) page);
> out_task:
> put_task_struct(task);
> out_no_task:
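Review bot: the label order here is what makes the first hunk safe: `out_mm` drops the mm reference and falls through to the new `out_free`, which frees the page, so every `goto out_mm` path (including the `-EIO` self_exec_id check) now releases the page as well as the mm, and the success path falls through both labels in the same order. One style point: the `-` removal of `free_page()` before `out_mm:` is replaced by a bare `+` blank line after `*ppos = dst;`, which adds whitespace with no purpose; consider dropping that added blank line so the success path reads directly into the `out_mm:` label.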
> --
> 1.7.3.1