Date: Sun, 12 Aug 2007 14:19:05 +0100
From: Alan Cox
To: WU Fengguang
Cc: Balbir Singh, Andrew Morton, linux-kernel
Subject: Re: [BUGFIX] NULL pointer dereference in __vm_enough_memory()

> > Great! So the problem might have existed for some time, but we never
> > saw it due to default over commit values? Were you using these values
> > for over commit even before?
>
> No I changed it several weeks ago to stop my desktop from freezing.
> So yes, the bug may have been there for a while.

The bug is the new exec with lots of arguments code. It tries to insert
a vm struct without having a valid current->mm. That isn't permitted and
never had been (which is also why it broke the sparc mmu code etc).

You'll need to change the kernel security interface a little to make
this fly - I think the following should do it.

- make __vm_enough_memory take a struct mm pointer and use it
- make security_ops pass the extra current->mm
- add a vm_enough_memory_mm security op
- use security_vm_enough_memory_mm(mm, ...) in __insert_vm_struct

I'll knock up a quick patch and see what is needed (someone else can do
the selinux changes)
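
The interface change listed in the message above, as an added userspace model in C; it is not part of the original message and is not kernel source. The struct layouts, the `commit_limit` value, the 1/32 per-mm reserve and the simplified signatures are assumptions made for illustration; only the function names echo those in the message.

```c
/* Userspace model, constructed for illustration; not kernel source. */
#include <errno.h>
#include <stdio.h>

struct mm_struct { unsigned long total_vm; };       /* pages mapped in this mm */
struct task_struct { struct mm_struct *mm; };
struct vm_area_struct { unsigned long pages; };

static struct task_struct task = { NULL };
static struct task_struct *current = &task;         /* stand-in for the kernel's current */
static unsigned long commit_limit = 1000;           /* constructed limit, in pages */
static unsigned long committed;

/* Models the vm_enough_memory_mm op: the mm to account against is a parameter. */
static int security_vm_enough_memory_mm(struct mm_struct *mm, unsigned long pages)
{
    unsigned long reserve = mm->total_vm / 32;      /* assumed per-mm reserve */
    unsigned long allowed = commit_limit > reserve ? commit_limit - reserve : 0;
    if (committed + pages > allowed)
        return -ENOMEM;
    committed += pages;
    return 0;
}

/* Existing op: only safe where current->mm is valid; it now passes it explicitly. */
static int security_vm_enough_memory(unsigned long pages)
{
    return security_vm_enough_memory_mm(current->mm, pages);
}

/* Models __insert_vm_struct: charges the mm being populated, never current->mm. */
static int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
{
    int ret = security_vm_enough_memory_mm(mm, vma->pages);
    if (ret == 0)
        mm->total_vm += vma->pages;
    return ret;
}

int main(void)
{
    struct mm_struct new_mm = { 0 };
    struct vm_area_struct stack = { 32 };
    current->mm = NULL;                             /* the state the message describes */
    printf("insert: %d\n", insert_vm_struct(&new_mm, &stack));
    current->mm = &new_mm;
    printf("via current: %d\n", security_vm_enough_memory(10));
    return 0;
}
```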