From: Davidlohr Bueso <dave@stgolabs.net>
To: akpm@linux-foundation.org, aarcange@redhat.com
Cc: joe.lawrence@redhat.com, gareth.evans@contextis.co.uk,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
dave@stgolabs.net, stable@kernel.org,
Davidlohr Bueso <dbueso@suse.de>
Subject: [PATCH 1/2] Revert "ipc/shm: Fix shmat mmap nil-page protection"
Date: Thu, 3 May 2018 13:32:42 -0700 [thread overview]
Message-ID: <20180503203243.15045-2-dave@stgolabs.net> (raw)
In-Reply-To: <20180503203243.15045-1-dave@stgolabs.net>
95e91b831f87 (ipc/shm: Fix shmat mmap nil-page protection) worked on
the idea that we should not be mapping as root addr=0 and MAP_FIXED.
However, it was reported that this scenario is in fact valid, thus
making the patch both bogus and breaks userspace as well. For example
X11's libint10.so relies on shmat(1, SHM_RND) for lowmem initialization[1].
[1] https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/os-support/linux/int10/linux.c#n347
Reported-by: Joe Lawrence <joe.lawrence@redhat.com>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
---
ipc/shm.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/ipc/shm.c b/ipc/shm.c
index 0075990338f4..b81d53c8f459 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1371,13 +1371,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg,
if (addr) {
if (addr & (shmlba - 1)) {
- /*
- * Round down to the nearest multiple of shmlba.
- * For sane do_mmap_pgoff() parameters, avoid
- * round downs that trigger nil-page and MAP_FIXED.
- */
- if ((shmflg & SHM_RND) && addr >= shmlba)
- addr &= ~(shmlba - 1);
+ if (shmflg & SHM_RND)
+ addr &= ~(shmlba - 1); /* round down */
else
#ifndef __ARCH_FORCE_SHMLBA
if (addr & ~PAGE_MASK)
--
2.13.6
next prev parent reply other threads:[~2018-05-03 20:47 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-03 20:32 [PATCH -next 0/2] ipc/shm: shmat() fixes around nil-page Davidlohr Bueso
2018-05-03 20:32 ` Davidlohr Bueso [this message]
2018-05-03 20:49 ` [PATCH 2/2] ipc/shm: fix shmat() nil address after round-down when remapping Davidlohr Bueso
2018-05-10 18:17 ` [PATCH -next 0/2] ipc/shm: shmat() fixes around nil-page Vlastimil Babka
2018-05-10 18:17 ` [LTP] " Vlastimil Babka
2018-05-14 16:19 ` Davidlohr Bueso
2018-05-14 16:19 ` [LTP] " Davidlohr Bueso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180503203243.15045-2-dave@stgolabs.net \
--to=dave@stgolabs.net \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dbueso@suse.de \
--cc=gareth.evans@contextis.co.uk \
--cc=joe.lawrence@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.