From: Andrew Morton <akpm@linux-foundation.org>
To: Nick Piggin <npiggin@suse.de>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
Linux Filesystems <linux-fsdevel@vger.kernel.org>,
Linux Memory Management <linux-mm@kvack.org>
Subject: Re: [patch 1/9] fs: libfs buffered write leak fix
Date: Fri, 2 Feb 2007 15:52:36 -0800
Message-ID: <20070202155236.dae54aa2.akpm@linux-foundation.org>
In-Reply-To: <20070129081914.23584.23886.sendpatchset@linux.site>

On Mon, 29 Jan 2007 11:31:46 +0100 (CET)
Nick Piggin <npiggin@suse.de> wrote:

> simple_prepare_write and nobh_prepare_write leak uninitialised kernel data.

They do? Under what situation?

> Fix the former,

How?

> make a note of the latter. Several other filesystems seem
> to be iffy here, too.

Please, tell us what the bug is so that others have a chance of reviewing
and, if needed, fixing those other filesystems.

> --- linux-2.6.orig/fs/libfs.c
> +++ linux-2.6/fs/libfs.c
> @@ -327,32 +327,35 @@ int simple_readpage(struct file *file, s
> int simple_prepare_write(struct file *file, struct page *page,
> unsigned from, unsigned to)
> {
> - if (!PageUptodate(page)) {
> - if (to - from != PAGE_CACHE_SIZE) {
> - void *kaddr = kmap_atomic(page, KM_USER0);
> - memset(kaddr, 0, from);
> - memset(kaddr + to, 0, PAGE_CACHE_SIZE - to);
> - flush_dcache_page(page);
> - kunmap_atomic(kaddr, KM_USER0);
> - }
> + if (PageUptodate(page))
> + return 0;
> +
> + if (to - from != PAGE_CACHE_SIZE) {
> + clear_highpage(page);
> + flush_dcache_page(page);
> SetPageUptodate(page);
> }
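
Review bot: in the rewritten simple_prepare_write() the SetPageUptodate(page) call now sits inside the `if (to - from != PAGE_CACHE_SIZE)` block, so a write that covers the whole page returns with the page not marked uptodate, where the removed code marked it in both cases. If that is intended, the changelog should say where a full-page write gets marked uptodate instead. The partial-write case also changes from zeroing only the bytes outside [from, to) to clear_highpage() over the whole page before SetPageUptodate(); a short comment above `clear_highpage(page);` explaining why the write range itself has to be zeroed as well would let reviewers check other filesystems against the same pattern.
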
memclear_highpage_flush() is fashionable.
> ===================================================================
> --- linux-2.6.orig/fs/buffer.c
> +++ linux-2.6/fs/buffer.c
> @@ -2344,6 +2344,8 @@ int nobh_prepare_write(struct page *page
>
> if (is_mapped_to_disk)
> SetPageMappedToDisk(page);
> +
> + /* XXX: information leak vs read(2) */
> SetPageUptodate(page);
>
> /*
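
Review bot: the added comment `/* XXX: information leak vs read(2) */` does not say which bytes of the page can still be uninitialised when SetPageUptodate(page) runs, or what a fix would have to do. Expand it to name the part of the page that has been neither written nor zeroed at this point and the condition under which read(2) can observe it, so the note is actionable for whoever picks it up.
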
That comment is too terse to be useful.