[PATCH Lucid/Natty CVE-2012-3511] mm: Hold a file reference in madvise_remove
Herton Ronaldo Krzesinski
herton.krzesinski at canonical.com
Thu Aug 30 19:37:24 UTC 2012
On Thu, Aug 30, 2012 at 09:22:48AM -0600, Tim Gardner wrote:
> @@ -211,9 +214,16 @@ static long madvise_remove(struct vm_area_struct *vma,
> endoff = (loff_t)(end - vma->vm_start - 1)
> + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
>
> - /* vmtruncate_range needs to take i_mutex and i_alloc_sem */
> + /*
> + * Filesystem's fallocate may need to take i_mutex. We need to
Just a minor nit here: for older versions it's still vmtruncate_range,
so perhaps the comment could be kept as:
"vmtruncate_range needs to take i_mutex and i_alloc_sem. We need to..."
but it doesn't change the result, just noted this. In any case Ack on
the backport.
> + * explicitly grab a reference because the vma (and hence the
> + * vma's reference to the file) can go away as soon as we drop
> + * mmap_sem.
> + */
> + get_file(f);
> up_read(¤t->mm->mmap_sem);
> error = vmtruncate_range(mapping->host, offset, endoff);
> + fput(f);
> down_read(¤t->mm->mmap_sem);
> return error;
> }
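Review bot: `get_file(f)` and `fput(f)` in this hunk use a local `f` whose declaration and assignment are not in the quoted context (they presumably sit among the three lines added earlier in the function, per the `@@ -211,9 +214,16 @@` header); the backport should be checked so that both `f` and `mapping` are taken from the vma before `up_read(&current->mm->mmap_sem)` and that neither `vma` nor `vma->vm_file` is dereferenced after it, since once mmap_sem is dropped the vma can be unmapped and only the held file reference keeps `mapping->host` valid for the `vmtruncate_range(mapping->host, offset, endoff)` call. The new comment also talks about the filesystem's fallocate needing i_mutex while the call that follows in this tree is still `vmtruncate_range`, so the comment should name vmtruncate_range here, as the removed line `/* vmtruncate_range needs to take i_mutex and i_alloc_sem */` did. The `¤t` in the quoted `up_read`/`down_read` lines is an extraction artifact of `&current`, not part of the patch.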
> --
> 1.7.9.5
--
[]'s
Herton