subject:"\[PATCH\] fix NULL pointer dereference in __vm_enough

Re: [PATCH] fix NULL pointer dereference in __vm_enough_memory()

2007-08-14 Thread Tobias Diedrich

Andrew Morton wrote:

> erp, we have major version skew between 2.6.23-rc1-mm1 and 2.6.23-rc3 here, 
> sorry.
> 
> Could I ask for a redone patch against mainline?

Since I'm seeing this problem on 2.6.23-rc3, I tried adapting it.
I'm running it now and the NULL pointer messages are gone.

Index: linux-2.6.23-rc3/include/linux/mm.h
===
--- linux-2.6.23-rc3.orig/include/linux/mm.h2007-08-14 18:33:09.0 
+0200
+++ linux-2.6.23-rc3/include/linux/mm.h 2007-08-14 19:31:59.0 +0200
@@ -1042,7 +1042,7 @@
 }
 
 /* mmap.c */
-extern int __vm_enough_memory(long pages, int cap_sys_admin);
+extern int __vm_enough_memory(struct mm_struct *mm, long pages, int 
cap_sys_admin);
 extern void vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert);
 extern struct vm_area_struct *vma_merge(struct mm_struct *,
Index: linux-2.6.23-rc3/include/linux/security.h
===
--- linux-2.6.23-rc3.orig/include/linux/security.h  2007-08-14 
18:33:10.0 +0200
+++ linux-2.6.23-rc3/include/linux/security.h   2007-08-14 19:38:24.0 
+0200
@@ -54,7 +54,7 @@
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t 
old_suid, int flags);
 extern void cap_task_reparent_to_init (struct task_struct *p);
 extern int cap_syslog (int type);
-extern int cap_vm_enough_memory (long pages);
+extern int cap_vm_enough_memory (struct mm_struct *mm, long pages);
 
 struct msghdr;
 struct sk_buff;
@@ -1125,6 +1125,7 @@
  * Return 0 if permission is granted.
  * @vm_enough_memory:
  * Check permissions for allocating a new virtual mapping.
+ * @mm contains the mm struct it is being added to.
  *  @pages contains the number of pages.
  * Return 0 if permission is granted.
  *
@@ -1169,7 +1170,7 @@
int (*quota_on) (struct dentry * dentry);
int (*syslog) (int type);
int (*settime) (struct timespec *ts, struct timezone *tz);
-   int (*vm_enough_memory) (long pages);
+   int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 
int (*bprm_alloc_security) (struct linux_binprm * bprm);
void (*bprm_free_security) (struct linux_binprm * bprm);
@@ -1469,10 +1470,14 @@
return security_ops->settime(ts, tz);
 }
 
-
 static inline int security_vm_enough_memory(long pages)
 {
-   return security_ops->vm_enough_memory(pages);
+   return security_ops->vm_enough_memory(current->mm, pages);
+}
+
+static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long 
pages)
+{
+   return security_ops->vm_enough_memory(mm, pages);
 }
 
 static inline int security_bprm_alloc (struct linux_binprm *bprm)
@@ -2219,7 +2224,12 @@
 
 static inline int security_vm_enough_memory(long pages)
 {
-   return cap_vm_enough_memory(pages);
+   return cap_vm_enough_memory(current->mm, pages);
+}
+
+static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long 
pages)
+{
+   return cap_vm_enough_memory(mm, pages);
 }
 
 static inline int security_bprm_alloc (struct linux_binprm *bprm)
Index: linux-2.6.23-rc3/mm/mmap.c
===
--- linux-2.6.23-rc3.orig/mm/mmap.c 2007-08-14 18:33:11.0 +0200
+++ linux-2.6.23-rc3/mm/mmap.c  2007-08-14 19:31:59.0 +0200
@@ -93,7 +93,7 @@
  * Note this is a helper function intended to be used by LSMs which
  * wish to use this logic.
  */
-int __vm_enough_memory(long pages, int cap_sys_admin)
+int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 {
unsigned long free, allowed;
 
@@ -166,7 +166,7 @@
 
/* Don't let a single process grow too big:
   leave 3% of the size of this process for other processes */
-   allowed -= current->mm->total_vm / 32;
+   allowed -= mm->total_vm / 32;
 
/*
 * cast `allowed' as a signed long because vm_committed_space
@@ -2077,7 +2077,7 @@
if (__vma && __vma->vm_start < vma->vm_end)
return -ENOMEM;
if ((vma->vm_flags & VM_ACCOUNT) &&
-security_vm_enough_memory(vma_pages(vma)))
+security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
vma_link(mm, vma, prev, rb_link, rb_parent);
return 0;
Index: linux-2.6.23-rc3/mm/nommu.c
===
--- linux-2.6.23-rc3.orig/mm/nommu.c2007-08-14 18:33:12.0 +0200
+++ linux-2.6.23-rc3/mm/nommu.c 2007-08-14 19:31:59.0 +0200
@@ -1270,7 +1270,7 @@
  * Note this is a helper function intended to be used by LSMs which
  * wish to use this logic.
  */
-int __vm_enough_memory(long pages, int cap_sys_admin)
+int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 {
unsigned long free, allowed;
 
Index: linux-

Re: [PATCH] fix NULL pointer dereference in __vm_enough_memory()

2007-08-13 Thread Andrew Morton

On Mon, 13 Aug 2007 14:01:06 +0100 Alan Cox <[EMAIL PROTECTED]> wrote:

> On Mon, 13 Aug 2007 15:38:53 +0800
> WU Fengguang <[EMAIL PROTECTED]> wrote:
> 
> > On Sun, Aug 12, 2007 at 04:17:44PM +0100, Alan Cox wrote:
> > > Try this (it compiles but isnt tested). Its a weekend here, the sun is
> > > shining, the beach is a short walk, and I have more interesting things to
> > > do right now 8)
> > 
> > Have a nice day~~~ It works!
> 
> Ok please apply the patch then Andrew
> 
> ---
> 
> The new exec code inserts an accounted vma into an mm struct which is not
> current->mm. The existing memory check code has a hard coded assumption
> that this does not happen as does the security code.
> 
> As the correct mm is known we pass the mm to the security method and the
> helper function. A new security test is added for the case where we need
> to pass the mm and the existing one is modified to pass current->mm to
> avoid the need to change large amounts of code.
> 
> Signed-off-by: Alan Cox <[EMAIL PROTECTED]>
> 
> 
> diff -u --new-file --recursive --exclude-from /usr/src/exclude 
> linux.vanilla-2.6.23rc1-mm1/include/linux/mm.h 
> linux-2.6.23rc1-mm1/include/linux/mm.h
> --- linux.vanilla-2.6.23rc1-mm1/include/linux/mm.h2007-07-26 
> 15:02:58.0 +0100

erp, we have major version skew between 2.6.23-rc1-mm1 and 2.6.23-rc3 here, 
sorry.

Could I ask for a redone patch against mainline?

Thanks.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] fix NULL pointer dereference in __vm_enough_memory()

2007-08-13 Thread Alan Cox

On Mon, 13 Aug 2007 15:38:53 +0800
WU Fengguang <[EMAIL PROTECTED]> wrote:

> On Sun, Aug 12, 2007 at 04:17:44PM +0100, Alan Cox wrote:
> > Try this (it compiles but isnt tested). Its a weekend here, the sun is
> > shining, the beach is a short walk, and I have more interesting things to
> > do right now 8)
> 
> Have a nice day~~~ It works!

Ok please apply the patch then Andrew

---

The new exec code inserts an accounted vma into an mm struct which is not
current->mm. The existing memory check code has a hard coded assumption
that this does not happen as does the security code.

As the correct mm is known we pass the mm to the security method and the
helper function. A new security test is added for the case where we need
to pass the mm and the existing one is modified to pass current->mm to
avoid the need to change large amounts of code.

Signed-off-by: Alan Cox <[EMAIL PROTECTED]>


diff -u --new-file --recursive --exclude-from /usr/src/exclude 
linux.vanilla-2.6.23rc1-mm1/include/linux/mm.h 
linux-2.6.23rc1-mm1/include/linux/mm.h
--- linux.vanilla-2.6.23rc1-mm1/include/linux/mm.h  2007-07-26 
15:02:58.0 +0100
+++ linux-2.6.23rc1-mm1/include/linux/mm.h  2007-08-12 13:54:24.614647536 
+0100
@@ -1079,7 +1079,7 @@
 }
 
 /* mmap.c */
-extern int __vm_enough_memory(long pages, int cap_sys_admin);
+extern int __vm_enough_memory(struct mm_struct *mm, long pages, int 
cap_sys_admin);
 extern void vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert);
 extern struct vm_area_struct *vma_merge(struct mm_struct *,
diff -u --new-file --recursive --exclude-from /usr/src/exclude 
linux.vanilla-2.6.23rc1-mm1/include/linux/security.h 
linux-2.6.23rc1-mm1/include/linux/security.h
--- linux.vanilla-2.6.23rc1-mm1/include/linux/security.h2007-07-26 
15:02:58.0 +0100
+++ linux-2.6.23rc1-mm1/include/linux/security.h2007-08-12 
14:13:10.383504656 +0100
@@ -58,7 +58,7 @@
 extern int cap_task_setioprio (struct task_struct *p, int ioprio);
 extern int cap_task_setnice (struct task_struct *p, int nice);
 extern int cap_syslog (int type);
-extern int cap_vm_enough_memory (long pages);
+extern int cap_vm_enough_memory (struct mm_struct *mm, long pages);
 
 struct msghdr;
 struct sk_buff;
@@ -1129,6 +1129,7 @@
  * Return 0 if permission is granted.
  * @vm_enough_memory:
  * Check permissions for allocating a new virtual mapping.
+ * @mm contains the mm struct it is being added to.
  *  @pages contains the number of pages.
  * Return 0 if permission is granted.
  *
@@ -1173,7 +1174,7 @@
int (*quota_on) (struct dentry * dentry);
int (*syslog) (int type);
int (*settime) (struct timespec *ts, struct timezone *tz);
-   int (*vm_enough_memory) (long pages);
+   int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 
int (*bprm_alloc_security) (struct linux_binprm * bprm);
void (*bprm_free_security) (struct linux_binprm * bprm);
@@ -1439,6 +1440,7 @@
 int security_syslog(int type);
 int security_settime(struct timespec *ts, struct timezone *tz);
 int security_vm_enough_memory(long pages);
+int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
 int security_bprm_alloc(struct linux_binprm *bprm);
 void security_bprm_free(struct linux_binprm *bprm);
 void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
diff -u --new-file --recursive --exclude-from /usr/src/exclude 
linux.vanilla-2.6.23rc1-mm1/mm/mmap.c linux-2.6.23rc1-mm1/mm/mmap.c
--- linux.vanilla-2.6.23rc1-mm1/mm/mmap.c   2007-07-26 15:02:58.0 
+0100
+++ linux-2.6.23rc1-mm1/mm/mmap.c   2007-08-12 13:53:22.0 +0100
@@ -93,7 +93,7 @@
  * Note this is a helper function intended to be used by LSMs which
  * wish to use this logic.
  */
-int __vm_enough_memory(long pages, int cap_sys_admin)
+int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 {
unsigned long free, allowed;
 
@@ -166,7 +166,7 @@
 
/* Don't let a single process grow too big:
   leave 3% of the size of this process for other processes */
-   allowed -= current->mm->total_vm / 32;
+   allowed -= mm->total_vm / 32;
 
/*
 * cast `allowed' as a signed long because vm_committed_space
@@ -2058,7 +2058,7 @@
if (__vma && __vma->vm_start < vma->vm_end)
return -ENOMEM;
if ((vma->vm_flags & VM_ACCOUNT) &&
-security_vm_enough_memory(vma_pages(vma)))
+security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
vma_link(mm, vma, prev, rb_link, rb_parent);
return 0;
diff -u --new-file --recursive --exclude-from /usr/src/exclude 
linux.vanilla-2.6.23rc1-mm1/mm/nommu.c linux-2.6.23rc1-mm1/mm/nommu.c
--- linux.vanilla-2.6.23rc1-mm1/mm/nommu.c  2007-07-26 15:02:08.0 
+0100
+++ linux-2.6.23rc1-mm1/mm/nommu.c  2007-08-12 13:53:

Re: [PATCH] fix NULL pointer dereference in __vm_enough_memory()

Re: [PATCH] fix NULL pointer dereference in __vm_enough_memory()

[PATCH] fix NULL pointer dereference in __vm_enough_memory()

3 matches

Site Navigation

Mail list logo

Footer information