Re: [ 66/68] mm: Hold a file reference in madvise_remove

[Herton Ronaldo Krzesinski]

On Thu, Jul 12, 2012 at 04:02:40PM -0700, Greg Kroah-Hartman wrote:
> From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> 
> 3.0-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> 
> commit 9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb upstream.
> 
> Otherwise the code races with munmap (causing a use-after-free
> of the vma) or with close (causing a use-after-free of the struct
> file).
> 
> The bug was introduced by commit 90ed52ebe481 ("[PATCH] holepunch: fix
> mmap_sem i_mutex deadlock")
> 
> [bwh: Backported to 3.2:
>  - Adjust context
>  - madvise_remove() calls vmtruncate_range(), not do_fallocate()]
> [luto: Backported to 3.0: Adjust context]

Didn't want to be annoying, but as I went looking sequentially,
I found missing diffs one by one... anyway this should be the last.

> 
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-- 
[]'s
Herton
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/