From mboxrd@z Thu Jan  1 00:00:00 1970
From: Sergei Antonov <saproj@gmail.com>
Subject: Re: [PATCH] hfsplus: release bnode pages after use, not before
Date: Mon, 8 Jun 2015 18:32:34 +0200
Message-ID: <CABikg9zygcMw--rD8g0KgAeSnLY+D=ULFEyJggyQnrf8zWg__g@mail.gmail.com>
References: <1433637776-3559-1-git-send-email-saproj@gmail.com>
	<1433778309.2513.11.camel@ubuntu-slavad-14.04>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	Sasha Levin <sasha.levin@oracle.com>,
	Anton Altaparmakov <aia21@cam.ac.uk>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Christoph Hellwig <hch@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Hin-Tak Leung <htl10@users.sourceforge.net>,
	Sougata Santra <sougata@tuxera.com>
To: Vyacheslav Dubeyko <slava@dubeyko.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail-ob0-f175.google.com ([209.85.214.175]:36062 "EHLO
	mail-ob0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752836AbbFHQcf convert rfc822-to-8bit (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 8 Jun 2015 12:32:35 -0400
Received: by obbqz1 with SMTP id qz1so84392343obb.3
        for <linux-fsdevel@vger.kernel.org>; Mon, 08 Jun 2015 09:32:34 -0700 (PDT)
In-Reply-To: <1433778309.2513.11.camel@ubuntu-slavad-14.04>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On 8 June 2015 at 17:45, Vyacheslav Dubeyko <slava@dubeyko.com> wrote:
> On Sun, 2015-06-07 at 02:42 +0200, Sergei Antonov wrote:
>> Fix this bugreport by Sasha Levin:
>> http://lkml.org/lkml/2015/2/20/85 ("use after free")
>> Make sure mapped pages are available for the entire lifetime of hfs_=
bnode.
>>
>
> Sorry, I missed the point. What do you try to fix? How this change fi=
xes
> the issue?
>
> I think that maybe this fix makes sense. But it needs to describe it
> more deeply. Could you describe the fix with more details?

You are basically saying you don=E2=80=99t understand it. Too bad, beca=
use the
bug is very simple. It is the =E2=80=9Euse after free=E2=80=9C type of =
bug, and it can
be illustrated by this:
(1) void *ptr =3D malloc(=E2=80=A6);
(2) free(ptr);
(3) memcpy(=E2=80=A6, ptr, 1);
Guess which two of these three lines are executed in wrong order.

My patch is about the same type of bug, but with memory pages mapping.
The driver currently accesses pages that may be unavailable, or
contain different data. The problem is more likely to occur when
memory is a limited resource. I reproduced it while running a
memory-hungry program.
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel=
" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html