From: David Hildenbrand <david@redhat.com>
To: Suren Baghdasaryan <surenb@google.com>
Cc: akpm@linux-foundation.org, hughd@google.com, hannes@cmpxchg.org,
vincent.whitchurch@axis.com, seanjc@google.com, rppt@kernel.org,
shy828301@gmail.com, pasha.tatashin@soleen.com,
paul.gortmaker@windriver.com, peterx@redhat.com, vbabka@suse.cz,
Liam.Howlett@oracle.com, ccross@google.com, willy@infradead.org,
arnd@arndb.de, cgel.zte@gmail.com, yuzhao@google.com,
bagasdotme@gmail.com, suleiman@google.com, steven@liquorix.net,
heftig@archlinux.org, cuigaosheng1@huawei.com,
kirill@shutemov.name, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
syzbot+91edf9178386a07d06a7@syzkaller.appspotmail.com
Subject: Re: [PATCH 1/1] mm: fix vma->anon_name memory leak for anonymous shmem VMAs
Date: Wed, 4 Jan 2023 10:04:04 +0100 [thread overview]
Message-ID: <b3aec4d4-737d-255a-d25e-451222fc9bb9@redhat.com> (raw)
In-Reply-To: <CAJuCfpGUpPPoKjAAmV7UK2H2o2NqsSa+-_M6JwesCfc+VRY2vw@mail.gmail.com>
On 03.01.23 20:53, Suren Baghdasaryan wrote:
> On Mon, Jan 2, 2023 at 4:00 AM David Hildenbrand <david@redhat.com> wrote:
>>
>> On 28.12.22 20:42, Suren Baghdasaryan wrote:
>>> free_anon_vma_name() is missing a check for anonymous shmem VMA which
>>> leads to a memory leak due to refcount not being dropped. Fix this by
>>> adding the missing check.
>>>
>>> Fixes: d09e8ca6cb93 ("mm: anonymous shared memory naming")
>>> Reported-by: syzbot+91edf9178386a07d06a7@syzkaller.appspotmail.com
>>> Signed-off-by: Suren Baghdasaryan <surenb@google.com>
>>> ---
>>> include/linux/mm_inline.h | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/include/linux/mm_inline.h b/include/linux/mm_inline.h
>>> index e8ed225d8f7c..d650ca2c5d29 100644
>>> --- a/include/linux/mm_inline.h
>>> +++ b/include/linux/mm_inline.h
>>> @@ -413,7 +413,7 @@ static inline void free_anon_vma_name(struct vm_area_struct *vma)
>>> * Not using anon_vma_name because it generates a warning if mmap_lock
>>> * is not held, which might be the case here.
>>> */
>>> - if (!vma->vm_file)
>>> + if (!vma->vm_file || vma_is_anon_shmem(vma))
>>> anon_vma_name_put(vma->anon_name);
>>
>> Wouldn't it be me more consistent to check for "vma->anon_name"?
>>
>> That's what dup_anon_vma_name() checks. And it's safe now because
>> anon_name is no longer overloaded in vm_area_struct.
>
> Thanks for the suggestion, David. Yes, with the recent change that
> does not overload anon_name, checking for "vma->anon_name" would be
> simpler. I think we can also drop anon_vma_name() function now
> (https://elixir.bootlin.com/linux/v6.2-rc2/source/mm/madvise.c#L94)
> since vma->anon_name does not depend on vma->vm_file anymore, remove
> the last part of this comment:
> https://elixir.bootlin.com/linux/v6.2-rc2/source/include/linux/mm_types.h#L584
> and use vma->anon_name directly going forward. If all that sounds
> good, I'll post a separate patch implementing all these changes.
> So, for this patch I would suggest keeping it as is because
> functionally it is correct and will change this check along with other
> corrections I mentioned above in a separate patch. Does that sound
> good?
Works for me.
Acked-by: David Hildenbrand <david@redhat.com>
for this one, as it fixes the issue.
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2023-01-04 9:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-28 19:42 [PATCH 1/1] mm: fix vma->anon_name memory leak for anonymous shmem VMAs Suren Baghdasaryan
2023-01-02 12:00 ` David Hildenbrand
2023-01-03 19:53 ` Suren Baghdasaryan
2023-01-04 9:04 ` David Hildenbrand [this message]
2023-01-04 18:24 ` Suren Baghdasaryan
2023-01-05 0:06 ` Suren Baghdasaryan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b3aec4d4-737d-255a-d25e-451222fc9bb9@redhat.com \
--to=david@redhat.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bagasdotme@gmail.com \
--cc=ccross@google.com \
--cc=cgel.zte@gmail.com \
--cc=cuigaosheng1@huawei.com \
--cc=hannes@cmpxchg.org \
--cc=heftig@archlinux.org \
--cc=hughd@google.com \
--cc=kirill@shutemov.name \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pasha.tatashin@soleen.com \
--cc=paul.gortmaker@windriver.com \
--cc=peterx@redhat.com \
--cc=rppt@kernel.org \
--cc=seanjc@google.com \
--cc=shy828301@gmail.com \
--cc=steven@liquorix.net \
--cc=suleiman@google.com \
--cc=surenb@google.com \
--cc=syzbot+91edf9178386a07d06a7@syzkaller.appspotmail.com \
--cc=vbabka@suse.cz \
--cc=vincent.whitchurch@axis.com \
--cc=willy@infradead.org \
--cc=yuzhao@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.