From: Philippe Mikoyan <philippe.mikoyan@skat.systems>
To: Manfred Spraul <manfred@colorfullife.com>,
Davidlohr Bueso <dave@stgolabs.net>
Cc: akpm@linux-foundation.org, viro@zeniv.linux.org.uk,
linux-kernel@vger.kernel.org, edgar.kaziakhmedov@virtuozzo.com
Subject: Re: [PATCH 2/2] ipc: Fix ipc data structures inconsistency
Date: Sat, 2 Dec 2017 17:43:52 +0300
Message-ID: <20171202174352.39bda865@PhilDeb>
In-Reply-To: <bcf68a7f-d860-2c7e-69ed-341eb81c69e6@colorfullife.com>

On Fri, 1 Dec 2017 09:20:07 -0800
Davidlohr Bueso <dave@stgolabs.net> wrote:
>
> Hmm yeah that's pretty fishy, also shm_atime = 0, no?
>
Yeah, definitely, other data structure fields can also be
inconsistent, and this applies not only to shmem, but also to
other ipc mechanisms.

Thank you for noting the typo, I'll send a fixed version in the next
message (without another patch, see below).

On Sat, 2 Dec 2017 07:03:30 +0100
Manfred Spraul <manfred@colorfullife.com> wrote:
> Especially: I don't know the shm code good enough to immediately
> check the change you make to nattach.
It seems that I didn't know the shm code good enough either: I've
recently discovered that

  [PATCH 1/2] ipc/shm: Fix shm_nattch incorrect value

is, frankly speaking, clearly total crap as it

1) doesn't handle that the shmem segment can already be RMID-ed
   when entering shm_mmap, when called from 'remap_file_pages'
2) doesn't support the (broken) logic of detaching a shmem segment
   remapped via 'remap_file_pages'.

Regardless of handling the (deprecated) 'remap_file_pages' call, the
patch shall be OK. However, it has to be made over.

Sorry about that, hope I will find an at least halfway elegant
solution and send it ASAP.

On Sat, 2 Dec 2017 07:03:30 +0100
Manfred Spraul <manfred@colorfullife.com> wrote:
>
> And, perhaps as a side information:
> There appears to be a use-after-free in shm, I now got a 2nd mail
> from syzbot:
> http://lkml.iu.edu/hypermail/linux/kernel/1702.3/02480.html
>
Will dig into.
Thanks,
Phil

Thread overview: 7+ messages
2017-11-30 6:12 [PATCH 0/2] ipc: Fix <ipc>ctl(..IPC_STAT..) bugs Philippe Mikoyan
2017-11-30 6:12 ` [PATCH 1/2] ipc/shm: Fix shm_nattch incorrect value Philippe Mikoyan
2017-11-30 6:12 ` [PATCH 2/2] ipc: Fix ipc data structures inconsistency Philippe Mikoyan
2017-12-01 17:20 ` Davidlohr Bueso
2017-12-02 6:03 ` Manfred Spraul
2017-12-02 14:43 ` Philippe Mikoyan [this message]
2017-12-03 1:37 ` Davidlohr Bueso