From: Chintan Pandya
To: vbabka@suse.cz, labbott@redhat.com, catalin.marinas@arm.com, hannes@cmpxchg.org, f.fainelli@gmail.com, xieyisheng1@huawei.com, ard.biesheuvel@linaro.org, richard.weiyang@gmail.com, byungchul.park@lge.com
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Chintan Pandya
Subject: [PATCH 1/2] mm: vmalloc: Avoid racy handling of debugobjects in vunmap
Date: Fri, 13 Apr 2018 17:03:53 +0530
Message-Id: <1523619234-17635-2-git-send-email-cpandya@codeaurora.org>
In-Reply-To: <1523619234-17635-1-git-send-email-cpandya@codeaurora.org>
References: <1523619234-17635-1-git-send-email-cpandya@codeaurora.org>

Currently, __vunmap flow is,
 1) Release the VM area
 2) Free the debug objects corresponding to that vm area.

This leaves some race window open.
 1) Release the VM area
 1.5) Some other client gets the same vm area
 1.6) This client allocates new debug objects on the same vm area
 2) Free the debug objects corresponding to this vm area.

Here, we actually free 'other' client's debug objects.

Fix this by freeing the debug objects first and then releasing the VM area.

Signed-off-by: Chintan Pandya
---
 mm/vmalloc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c index ebff729..9ff21a1 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -1519,7 +1519,7 @@ static void __vunmap(const void *addr, int deallocate_pages) addr)) return; - area = remove_vm_area(addr); + area = find_vmap_area((unsigned long)addr)->vm; if (unlikely(!area)) { WARN(1, KERN_ERR "Trying to vfree() nonexistent vm area (%p)\n", addr); 
@@ -1529,6 +1529,7 @@ static void __vunmap(const void *addr, int deallocate_pages) debug_check_no_locks_freed(addr, get_vm_area_size(area)); debug_check_no_obj_freed(addr, get_vm_area_size(area)); + remove_vm_area(addr); if (deallocate_pages) { int i; -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc., is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
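
Review bot: in the first hunk (@@ -1519,7 +1519,7 @@), the result of find_vmap_area() is dereferenced with ->vm before anything checks it, so an address with no matching entry becomes a NULL pointer dereference instead of reaching the existing "Trying to vfree() nonexistent vm area" WARN. The `if (unlikely(!area))` test that follows only covers a NULL ->vm, not a NULL lookup result. Suggest storing the lookup result in a local, testing it, and only then reading ->vm, so the WARN path still handles the not-found case the way it did when the line was `area = remove_vm_area(addr);`.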
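
Review bot: in the second hunk (@@ -1529,6 +1529,7 @@), the added remove_vm_area(addr) call discards its return value and has no comment explaining why it must come after debug_check_no_obj_freed(). The `area` used by the debug checks and by the code below comes from the separate find_vmap_area() lookup in the first hunk, while the removal is a second lookup by address; nothing visible here confirms that the two refer to the same area. Suggest comparing the returned pointer against `area` (with a WARN on mismatch) and adding a one-line comment that the debug objects have to be freed before the area is released, since that ordering is the whole fix and is easy to undo in a later cleanup.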