From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Duane Griffin <duaneg@dghda.com>,
Nick Piggin <npiggin@suse.de>
Subject: [patch 03/13] Remove broken ptrace() special-case code from file mapping
Date: Wed, 14 Nov 2007 22:09:24 -0800 [thread overview]
Message-ID: <20071115060924.GD7602@kroah.com> (raw)
In-Reply-To: <20071115060544.GA7602@kroah.com>
[-- Attachment #1: remove-broken-ptrace-special-case-code-from-file-mapping.patch --]
[-- Type: text/plain, Size: 2128 bytes --]
stable review patch. If anyone has any objections, please let us know.
------------------
The kernel has for random historical reasons allowed ptrace() accesses
to access (and insert) pages into the page cache above the size of the
file.
However, Nick broke that by mistake when doing the new fault handling in
commit 54cb8821de07f2ffcd28c380ce9b93d5784b40d7 ("mm: merge populate and
nopage into fault (fixes nonlinear)". The breakage caused a hang with
gdb when trying to access the invalid page.
The ptrace "feature" really isn't worth resurrecting, since it really is
wrong both from a portability _and_ from an internal page cache validity
standpoint. So this removes those old broken remnants, and fixes the
ptrace() hang in the process.
Noticed and bisected by Duane Griffin, who also supplied a test-case
(quoth Nick: "Well that's probably the best bug report I've ever had,
thanks Duane!").
Cc: Duane Griffin <duaneg@dghda.com>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/filemap.c | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1312,7 +1312,7 @@ int filemap_fault(struct vm_area_struct
size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
if (vmf->pgoff >= size)
- goto outside_data_content;
+ return VM_FAULT_SIGBUS;
/* If we don't want any read-ahead, don't bother */
if (VM_RandomReadHint(vma))
@@ -1389,7 +1389,7 @@ retry_find:
if (unlikely(vmf->pgoff >= size)) {
unlock_page(page);
page_cache_release(page);
- goto outside_data_content;
+ return VM_FAULT_SIGBUS;
}
/*
@@ -1400,15 +1400,6 @@ retry_find:
vmf->page = page;
return ret | VM_FAULT_LOCKED;
-outside_data_content:
- /*
- * An external ptracer can access pages that normally aren't
- * accessible..
- */
- if (vma->vm_mm == current->mm)
- return VM_FAULT_SIGBUS;
-
- /* Fall through to the non-read-ahead case */
no_cached_page:
/*
* We're only likely to ever get here if MADV_RANDOM is in
--
next prev parent reply other threads:[~2007-11-15 6:11 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20071115042610.731859958@mini.kroah.org>
2007-11-15 6:05 ` [patch 00/13] 2.6.23-stable review, core kernel changes Greg KH
2007-11-15 6:09 ` [patch 01/13] lockdep: fix mismatched lockdep_depth/curr_chain_hash Greg KH
2007-11-15 6:09 ` [patch 02/13] locks: fix possible infinite loop in posix deadlock detection Greg KH
2007-11-15 6:09 ` Greg KH [this message]
2007-11-15 6:09 ` [patch 04/13] param_sysfs_builtin memchr argument fix Greg KH
2007-11-15 16:11 ` Chuck Ebbert
2007-11-15 17:58 ` Greg KH
2007-11-15 20:46 ` Chuck Ebbert
2007-11-15 21:20 ` Jan Kiszka
2007-11-15 23:58 ` Greg KH
2007-11-15 6:09 ` [patch 05/13] HOWTO: update ja_JP/HOWTO with latest changes Greg KH
2007-11-15 6:09 ` [patch 06/13] SLUB: Fix memory leak by not reusing cpu_slab Greg KH
2007-11-15 6:09 ` [patch 07/13] writeback: dont propagate AOP_WRITEPAGE_ACTIVATE Greg KH
2007-11-15 6:09 ` [patch 08/13] splice: fix double kunmap() in vmsplice copy path Greg KH
2007-11-15 6:09 ` [patch 09/13] fix the softlockup watchdog to actually work Greg KH
2007-11-15 6:09 ` [patch 10/13] sched: keep utime/stime monotonic Greg KH
2007-11-15 6:09 ` [patch 11/13] Fix compat futex hangs Greg KH
2007-11-15 6:09 ` [patch 12/13] fix tmpfs BUG and AOP_WRITEPAGE_ACTIVATE Greg KH
2007-11-15 6:09 ` [patch 13/13] BLOCK: Fix bad sharing of tag busy list on queues with shared tag maps Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071115060924.GD7602@kroah.com \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=duaneg@dghda.com \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=npiggin@suse.de \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox