Nick, On Tue, Feb 20, 2007 at 04:08:45PM +0100, Nick Piggin wrote: > On Tue, Feb 20, 2007 at 06:34:54AM -0800, Stephane Eranian wrote: > > nick, > > > > On Tue, Feb 20, 2007 at 03:18:56PM +0100, Nick Piggin wrote: > > > From: Nick Piggin <[EMAIL PROTECTED]> > > > > > > Perfmon associates vmalloc()ed memory with a file descriptor, and installs > > > a vma mapping that memory. Unfortunately, the vm_file field is not filled > > > in, > > > so processes with mappings to that memory do not prevent the file from > > > being > > > closed and the memory freed. This results in use-after-free bugs and > > > multiple > > > freeing of pages, etc. > > > > > > I saw this bug on an Altix on SLES9. Haven't reproduced upstream but it > > > looks > > > like the same issue is there. > > > > > > > I think this is possible for the old perfmon v2.0 codebase that is > > currently in > > mainline for IA-64. > > OK, I take that as an Ack? (the patch definitely applies, I just can't > get the Altix to boot 2.6.20 to verify it). > > > I have corrected this with the multi-arch v2.3 code base > > available as a kernel patch for the moment. > > Not that I've looked at the code, but can I be hopeful that v2.3 > using the traditional mmap file operation to set up the vma and map > in pages, rather than the way that v2.0 works? >
It does. You need an explicit mmap() call. -- -Stephane - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
