From: Fengwei Yin <yfw.kernel@gmail.com>
To: linux-kernel@vger.kernel.org
Subject: [PATCH] Fix seq_read dead loop and trigger memory allocation failure.
Date: Mon, 21 Apr 2014 22:12:42 +0800
Message-ID: <1398089562-5925-1-git-send-email-yfw.kernel@gmail.com>

When dumping /proc/xxx/maps, if d_path returns an error in seq_path, the
buffer will be exhausted and trigger a dead loop in seq_read, until
kmalloc fails with -ENOMEM.

Save and restore m->count to avoid the dead loop in seq_read
if d_path returns an error.

Signed-off-by: Fengwei Yin <yfw.kernel@gmail.com>
---
 fs/proc/task_mmu.c   | 10 +++++++++-
 fs/proc/task_nommu.c | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 442177b..a080531 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -295,8 +295,16 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
 	 * special [heap] marker for the heap:
 	 */
 	if (file) {
+		size_t sz;
 		seq_pad(m, ' ');
-		seq_path(m, &file->f_path, "\n");
+		/* Save current count. Once seq_path return negtive value,
+		 * we need to restore saved count. Otherwise, seq_path will
+		 * exhaust the buffer and make seq_read dead loop till
+		 * m->buff allocation failure.
+		 */
+		sz = m->count;
+		if (seq_path(m, &file->f_path, "\n") < 0)
+			m->count = sz;
 		goto done;
 	}
 
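Review bot: In the added `if (seq_path(m, &file->f_path, "\n") < 0) m->count = sz;`, every negative return is handled the same way, so if seq_path also returns a negative value when the path simply did not fit in the remaining buffer, rewinding m->count drops the file name from the line instead of letting seq_read grow the buffer and retry. The check should separate the d_path error case from the out-of-space case, and since the same save/restore is repeated in task_nommu.c it would sit better inside seq_path (or one shared helper) than in each caller. Smaller points: the comment has typos ("return negtive" should read "returns a negative", and the seq_file field is m->buf, not m->buff), a multi-line comment in this file should open with `/*` on its own line, and a blank line is expected after the `size_t sz;` declaration.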
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
index 678455d..0d4d6e0 100644
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -160,8 +160,16 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma,
 		   MAJOR(dev), MINOR(dev), ino);
 
 	if (file) {
+		size_t sz;
 		seq_pad(m, ' ');
-		seq_path(m, &file->f_path, "");
+		/* Save current count. Once seq_path return negtive value,
+		 * we need to restore saved count. Otherwise, seq_path will
+		 * exhaust the buffer and make seq_read dead loop till
+		 * m->buff allocation failure.
+		 */
+		sz = m->count;
+		if (seq_path(m, &file->f_path, "\n") < 0)
+			m->count = sz;
 	} else if (mm) {
 		pid_t tid = vm_is_stack(priv->task, vma, is_pid);
 
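Review bot: The escape argument changes from `""` on the removed line to `"\n"` on the added `seq_path(m, &file->f_path, "\n")`, which the commit message does not mention and which looks like a copy from the task_mmu.c hunk. Keep `""` here unless the change is intended, and if it is, split it into its own patch with an explanation. The rest of the block duplicates the task_mmu.c change, comment included, so the same remarks apply: all negative returns are treated alike, and the save/restore of m->count belongs in one shared place rather than in both callers.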
-- 
1.8.3.2


Thread overview: 5+ messages
2014-04-21 14:12 Fengwei Yin [this message]
2014-04-23 21:58 ` [PATCH] Fix seq_read dead loop and trigger memory allocation failure Al Viro
2014-04-24 14:26   ` Fengwei Yin
2014-04-24 16:29     ` Al Viro
2014-04-24 22:48       ` Fengwei Yin
