Re: [PATCH 3/3] uprobes: write_opcode()->__replace_page() can racewith try_to_unmap()

From: Peter Zijlstra
Date: Fri Jun 08 2012 - 04:47:31 EST

Next message: Pekka Enberg: "Re: [PATCH 0/5] Some vmevent fixes..."
Previous message: Ingo Molnar: "Re: [PATCH 1/2] perf, x86: Add basic Ivy Bridge support v2"
Next in thread: Oleg Nesterov: "Re: [PATCH 3/3] uprobes: write_opcode()->__replace_page() can racewith try_to_unmap()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2012-06-07 at 19:00 +0200, Oleg Nesterov wrote:
> write_opcode() gets old_page via get_user_pages() and then calls
> __replace_page() which assumes that this old_page is still mapped
> after pte_offset_map_lock().
>
> This is not true if this old_page was already try_to_unmap()'ed,
> and in this case everything __replace_page() does with old_page
> is wrong. Just for example, put_page() is not balanced.
>
> I think it is possible to teach __replace_page() to handle this
> unlikely case correctly, but this patch simply changes it to use
> page_check_address() and return -EAGAIN if it fails. The caller
> should notice this error code and retry.

Note that replace_page() was nicked from ksm, does that suffer a similar
problem?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pekka Enberg: "Re: [PATCH 0/5] Some vmevent fixes..."
Previous message: Ingo Molnar: "Re: [PATCH 1/2] perf, x86: Add basic Ivy Bridge support v2"
Next in thread: Oleg Nesterov: "Re: [PATCH 3/3] uprobes: write_opcode()->__replace_page() can racewith try_to_unmap()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]