From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754236AbbGIWEB (ORCPT );
	Thu, 9 Jul 2015 18:04:01 -0400
Received: from mx1.redhat.com ([209.132.183.28]:36934 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751528AbbGIWEA
	(ORCPT ); Thu, 9 Jul 2015 18:04:00 -0400
Date: Fri, 10 Jul 2015 00:02:25 +0200
From: Oleg Nesterov
To: Andy Lutomirski
Cc: Ingo Molnar , Srikar Dronamraju , "Kirill A. Shutemov" , "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH 1/3] uprobes: fix the usage of install_special_mapping()
Message-ID: <20150709220225.GB15485@redhat.com>
References: <20150709214431.GA14997@redhat.com> <20150709214446.GA15011@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/09, Andy Lutomirski wrote:
>
> On Thu, Jul 9, 2015 at 2:44 PM, Oleg Nesterov wrote:
> > install_special_mapping(pages) expects that "pages" is the zero-
> > terminated array while xol_add_vma() passes &area->page, this means
> > that special_mapping_fault() can wrongly use the next member in
> > xol_area (vaddr) as "struct page *".
> >
> > Fortunately, this area is not expandable so pgoff != 0 isn't possible
> > (modulo bugs in special_mapping_vmops), but still this does not look
> > good.
> >
>
> I fell for that awhile back, too, causing a bizarre HPET bug.

I guess you mean no_pages[] = {NULL} in map_vdso() ?

uprobes differs, I think pgoff != 0 is not actually possible (assuming
we fix special_mapping_fault). But this doesn't matter, this is wrong
anyway.

> What zeroes pages[1]?

Heh ;) Thanks. I'll send v2.

Oleg.
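The defect discussed in this message (a lone `struct page *` member handed to install_special_mapping() as if it were a NULL-terminated array, so that a pgoff of 1 makes the fault handler read the neighbouring `vaddr` field as a page pointer) can be reproduced in user space. The following is an added example, not code from the thread or from the kernel: `struct page`, both `xol_area` layouts and `lookup_special_page()` are stand-ins whose shapes are assumed for the demo; the lookup mirrors the "advance pgoff entries, stop at the NULL terminator" walk that the message attributes to special_mapping_fault(), and the terminated layout (`pages[2]` with a NULL second slot) is an assumed fix, not quoted from the v2 patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's struct page; only its identity matters here. */
struct page { int id; };

/*
 * Lookup modelled on the walk the thread describes for special_mapping_fault()
 * over the array handed to install_special_mapping(): advance pgoff entries,
 * stopping early at the NULL terminator. A NULL result is the "no such page"
 * case. Without a terminator the walk steps past the real entries into
 * whatever bytes follow them.
 */
static struct page *lookup_special_page(struct page **pages, unsigned long pgoff)
{
	struct page **p = pages;

	while (pgoff && *p) {
		p++;
		pgoff--;
	}
	return *p;
}

/*
 * The layout the patch description objects to: a single pointer member with
 * vaddr as the next field. Passing &area->page as the "array" makes the bytes
 * of vaddr look like pages[1]. Field shape is assumed for this demo.
 */
struct xol_area_unterminated {
	struct page *page;
	unsigned long vaddr;
};

/*
 * A terminated layout: a two-slot array whose second slot is always NULL, so
 * the terminator lives inside the object. Assumed shape, not the v2 patch.
 */
struct xol_area_terminated {
	struct page *pages[2];
	unsigned long vaddr;
};

/*
 * Returns 1 when a pgoff-1 lookup over the unterminated layout yields a
 * non-NULL "page" that is really the vaddr field, i.e. the misread happened.
 * The object's bytes are copied into a genuine pointer array first so the
 * walk itself never leaves an array object.
 */
int unterminated_layout_misreads_vaddr(void)
{
	struct page page = { .id = 1 };
	struct xol_area_unterminated area = { .page = &page, .vaddr = 0x1000UL };
	struct page *raw[2];

	memcpy(raw, &area, sizeof raw);
	return lookup_special_page(raw, 1) != NULL;
}

/*
 * Returns 1 when the terminated layout honours the contract: pgoff 0 finds
 * the XOL page and pgoff 1 (or anything beyond it) finds nothing.
 */
int terminated_layout_is_correct(void)
{
	struct page page = { .id = 1 };
	struct xol_area_terminated area = {
		.pages = { &page, NULL },
		.vaddr = 0x1000UL,
	};

	return lookup_special_page(area.pages, 0) == &page &&
	       lookup_special_page(area.pages, 1) == NULL &&
	       lookup_special_page(area.pages, 7) == NULL;
}

int main(void)
{
	printf("unterminated layout misreads vaddr as a page: %s\n",
	       unterminated_layout_misreads_vaddr() ? "yes" : "no");
	printf("terminated layout honours the contract:       %s\n",
	       terminated_layout_is_correct() ? "yes" : "no");
	return 0;
}
```

The point of the second layout is the one Andy's "What zeroes pages[1]?" question raises: the terminator has to be a real, always-NULL slot owned by the object, not whatever happens to sit after the pointer.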