Date: Tue, 28 May 2013 14:22:11 -0400 (EDT)
From: Vince Weaver
To: Peter Zijlstra
Cc: Al Viro, linux-kernel@vger.kernel.org, Paul Mackerras, Ingo Molnar, Arnaldo Carvalho de Melo, trinity@vger.kernel.org
Subject: Re: OOPS in perf_mmap_close()

On Tue, 28 May 2013, Vince Weaver wrote:

> It looks like this is already in tip, but I can confirm that this
> patch seems to fix things on my machine and holds up against longer
> fuzzing runs.

OK, I take it back. Even with the new patch applied, my fuzzer can still
make the kernel leak user->locked_vm.

I assume that the locked_vm value should go back to 0 once a process that
has a bunch of mmap'd perf_events opened exits?

I admit this is sort of an obscure corner case, but it does mean that a
user can leak user->locked_vm to the point that "perf record" no longer
works.

Vince