From: Al Viro <viro@ZenIV.linux.org.uk>
To: Fengwei Yin <yfw.kernel@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Fix seq_read dead loop and trigger memory allocation failure.
Date: Wed, 23 Apr 2014 22:58:04 +0100
Message-ID: <20140423215804.GU18016@ZenIV.linux.org.uk>
In-Reply-To: <1398089562-5925-1-git-send-email-yfw.kernel@gmail.com>

On Mon, Apr 21, 2014 at 10:12:42PM +0800, Fengwei Yin wrote:
> When dumping /proc/xxx/maps, if d_path returns an error in seq_path, the
> buffer will be exhausted and trigger a dead loop in seq_read. Till
> kmalloc fails with -ENOMEM.

*WHAT* d_path error? -ENAMETOOLONG, aka. "you've got too little space"?

> @@ -295,8 +295,16 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
> * special [heap] marker for the heap:
> */
> if (file) {
> + size_t sz;
> seq_pad(m, ' ');
> - seq_path(m, &file->f_path, "\n");
> + /* Save current count. Once seq_path return negtive value,
> + * we need to restore saved count. Otherwise, seq_path will
> + * exhaust the buffer and make seq_read dead loop till
> + * m->buff allocation failure.
> + */
> + sz = m->count;
> + if (seq_path(m, &file->f_path, "\n") < 0)
> + m->count = sz;
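
Review bot: The restore in the last two added lines (`if (seq_path(m, &file->f_path, "\n") < 0)` followed by `m->count = sz;`) swallows the failure: after it, the maps line for this vma goes out with the padding but no file name, and nothing downstream can tell that the path was dropped. The added comment itself says seq_path exhausts the buffer when it fails, so this caller is overriding the seq_file bookkeeping from outside rather than handling the error where it arises; the change should first state which error d_path returns for this file and address that, leaving m->count to the seq_file code. Minor: the comment has typos ("negtive", "m->buff"), and `size_t sz;` should be followed by a blank line before the first statement.
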
NAK. No way in hell. Any code playing with m->count that way is broken.
Post the reproducer for that infinite loop; then we'll be able to see
what triggers an impossible error from d_path(). _That_ is where the bug
is, assuming it exists at all.