Date: Fri, 2 Apr 2004 04:13:23 +0200
From: Andrea Arcangeli <andrea@suse.de>
To: Chris Wright <chrisw@osdl.org>
Cc: Andrew Morton <akpm@osdl.org>, linux-kernel@vger.kernel.org,
       kenneth.w.chen@intel.com
Subject: Re: disable-cap-mlock
Message-ID: <20040402021323.GP18585@dualathlon.random>
References: <20040401135920.GF18585@dualathlon.random> <20040401170705.Y22989@build.pdx.osdl.net> <20040402011804.GL18585@dualathlon.random> <20040401173014.Z22989@build.pdx.osdl.net> <20040402013547.GM18585@dualathlon.random> <20040401180441.B22989@build.pdx.osdl.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040401180441.B22989@build.pdx.osdl.net>
User-Agent: Mutt/1.4.1i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 992
Lines: 21

On Thu, Apr 01, 2004 at 06:04:41PM -0800, Chris Wright wrote:
> * Andrea Arcangeli (andrea@suse.de) wrote:
> > what you missed is that after you locked_vm -= you don't free anything,
> > you only unmap them from the address space which means nothing in terms
> > of amount if pinned ram.
> 
> doesn't it free the huge page right there?  each page gets
> huge_page_released, right?

that has nothing to do with freeing the page, that's just releasing 1
refcount, because you dropped the pte mapping, the page is still there
healthy in the pagecache ready for somebody else to shmat. If you were
right then a shmdt+shmat would corrupt the SGA.

Your patch breaks local security and it's trivial to DoS a machine with
it applied as far as I can tell.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/