LKML Archive on lore.kernel.org
* Re: + mm-search_binary_handler-mem-limit-fix.patch added to -mm tree
From: Heiko Carstens @ 2007-01-29 11:33 UTC
To: linux-kernel; +Cc: dmonakhov, Andrew Morton, Martin Schwidefsky

On Wed, Jan 24, 2007 at 01:09:18AM -0800, akpm@osdl.org wrote:
> 
> The patch titled
>      mm: search_binary_handler() mem limit fix
> has been added to the -mm tree.  Its filename is
>      mm-search_binary_handler-mem-limit-fix.patch
> 
> *** Remember to use Documentation/SubmitChecklist when testing your code ***
> 
> See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
> out what to do about this
> 
> ------------------------------------------------------
> Subject: mm: search_binary_handler() mem limit fix
> From: Dmitriy Monakhov <dmonakhov@openvz.org>
> 
> The function changes mem limit to USER_DS before possible modprobe, but
> never restored it again.
> 
> Signed-off-by: Dmitriy Monakhov <dmonakhov@openvz.org>
> Signed-off-by: Andrew Morton <akpm@osdl.org>

This patch breaks s390. I haven't yet tried to figure out why, but does
this patch actually fix a real bug?
What happens is that the init process gets killed -> panic.

> fs/exec.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff -puN fs/exec.c~mm-search_binary_handler-mem-limit-fix fs/exec.c > --- a/fs/exec.c~mm-search_binary_handler-mem-limit-fix > +++ a/fs/exec.c > @@ -1018,6 +1018,7 @@ int search_binary_handler(struct linux_b > { > int try,retval; > struct linux_binfmt *fmt; > + mm_segment_t oldfs; > #ifdef __alpha__ > /* handle /sbin/loader.. */ > { 
> @@ -1059,11 +1060,12 @@ int search_binary_handler(struct linux_b > > /* kernel module loader fixup */ > /* so we don't try to load run modprobe in kernel space. */ > + oldfs = get_fs(); > set_fs(USER_DS); > > retval = audit_bprm(bprm); > if (retval) > - return retval; > + goto out; > > retval = -ENOENT; > for (try=0; try<2; try++) { > @@ -1084,7 +1086,7 @@ int search_binary_handler(struct linux_b > bprm->file = NULL; > current->did_exec = 1; > proc_exec_connector(current); > - return retval; > + goto out; > } > read_lock(&binfmt_lock); > put_binfmt(fmt); > @@ -1092,7 +1094,7 @@ int search_binary_handler(struct linux_b > break; > if (!bprm->file) { > read_unlock(&binfmt_lock); > - return retval; > + goto out; > } > } > read_unlock(&binfmt_lock); > @@ -1110,6 +1112,8 @@ int search_binary_handler(struct linux_b > #endif > } > } > +out: > + set_fs(oldfs); > return retval; > }
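Review bot: in the @@ -1059 hunk, `+ oldfs = get_fs();` placed before the existing `set_fs(USER_DS);` treats that call as a temporary override to be undone later, but the comment right above it ("so we don't try to load run modprobe in kernel space") describes the limit the new process is meant to run with, and nothing in the shown hunks switches to KERNEL_DS that would need undoing. Saving oldfs therefore only matters when the caller was already in KERNEL_DS, in which case restoring it later is the wrong outcome for a process about to run user code. Suggest dropping the save and instead extending the comment to state that this set_fs(USER_DS) is intentionally unpaired.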
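Review bot: in the @@ -1084 hunk, replacing `return retval;` with `goto out;` on the success path (right after `current->did_exec = 1;` and `proc_exec_connector(current);`) is where the reported regression comes from: the exec has completed, yet `out:` now puts the caller's old limit back, so a task that entered with KERNEL_DS (the kernel exec'ing init) leaves as a user process still running with KERNEL_DS, with the USER_DS address-limit check effectively switched off for it. On an architecture with separate user and kernel address spaces the new process then cannot run, which matches the s390 report above of init being killed. The success path should leave USER_DS in place, i.e. keep the plain return here.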
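Review bot: in the @@ -1110 hunk, `+ set_fs(oldfs);` under `+out:` is unconditional, so it changes anything only when oldfs was not USER_DS, i.e. when the caller was in KERNEL_DS, which is precisely the case the original set_fs(USER_DS) exists to handle; the restore cancels the only effect this function's set_fs has. The changelog ("never restored it again") does not say which exit path needs a restore or why; if the intent is limited to failed execs from a kernel thread, that should be argued explicitly and the success path excluded, otherwise the label and restore should go.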
* Re: + mm-search_binary_handler-mem-limit-fix.patch added to -mm tree
From: Heiko Carstens @ 2007-01-29 13:59 UTC
To: linux-kernel; +Cc: dmonakhov, Andrew Morton, Martin Schwidefsky

On Mon, Jan 29, 2007 at 12:33:28PM +0100, Heiko Carstens wrote:
> On Wed, Jan 24, 2007 at 01:09:18AM -0800, akpm@osdl.org wrote:
> > mm-search_binary_handler-mem-limit-fix.patch
> > From: Dmitriy Monakhov <dmonakhov@openvz.org>
> > 
> > The function changes mem limit to USER_DS before possible modprobe, but
> > never restored it again.
> > 
> > Signed-off-by: Dmitriy Monakhov <dmonakhov@openvz.org>
> > Signed-off-by: Andrew Morton <akpm@osdl.org>
> > fs/exec.c | 10 +++++++--- > > 1 file changed, 7 insertions(+), 3 deletions(-) > > > > diff -puN fs/exec.c~mm-search_binary_handler-mem-limit-fix fs/exec.c > > --- a/fs/exec.c~mm-search_binary_handler-mem-limit-fix > > +++ a/fs/exec.c > > @@ -1018,6 +1018,7 @@ int search_binary_handler(struct linux_b > > { > > int try,retval; > > struct linux_binfmt *fmt; > > + mm_segment_t oldfs; > > #ifdef __alpha__ > > /* handle /sbin/loader.. */ > > { > > @@ -1059,11 +1060,12 @@ int search_binary_handler(struct linux_b > > > > /* kernel module loader fixup */ > > /* so we don't try to load run modprobe in kernel space. */ > > + oldfs = get_fs(); > > set_fs(USER_DS); > > > > retval = audit_bprm(bprm); > > if (retval) > > - return retval; > > + goto out; > > > > retval = -ENOENT; > > for (try=0; try<2; try++) { > > @@ -1084,7 +1086,7 @@ int search_binary_handler(struct linux_b > > bprm->file = NULL; > > current->did_exec = 1; > > proc_exec_connector(current); > > - return retval; > > + goto out; > > } > > read_lock(&binfmt_lock); > > put_binfmt(fmt); 
> > @@ -1092,7 +1094,7 @@ int search_binary_handler(struct linux_b > > break; > > if (!bprm->file) { > > read_unlock(&binfmt_lock); > > - return retval; > > + goto out; > > } > > } > > read_unlock(&binfmt_lock); > > @@ -1110,6 +1112,8 @@ int search_binary_handler(struct linux_b > > #endif > > } > > } > > +out: > > + set_fs(oldfs); > > return retval; > > }

This is broken. This is the only place in kernel that sets fs to USER_DS
for a new process. With this patch we could as well get rid of USER_DS and
all the address space checks.
Besides that it breaks architectures with distinct physical address spaces.
* Re: + mm-search_binary_handler-mem-limit-fix.patch added to -mm tree
From: Andrew Morton @ 2007-01-29 17:37 UTC
To: Heiko Carstens; +Cc: linux-kernel, dmonakhov, Martin Schwidefsky

On Mon, 29 Jan 2007 14:59:58 +0100 Heiko Carstens <heiko.carstens@de.ibm.com> wrote:
> On Mon, Jan 29, 2007 at 12:33:28PM +0100, Heiko Carstens wrote:
> > On Wed, Jan 24, 2007 at 01:09:18AM -0800, akpm@osdl.org wrote:
> > > mm-search_binary_handler-mem-limit-fix.patch
> > > From: Dmitriy Monakhov <dmonakhov@openvz.org>
> > > 
> > > The function changes mem limit to USER_DS before possible modprobe, but
> > > never restored it again.
> > > 
> > > Signed-off-by: Dmitriy Monakhov <dmonakhov@openvz.org>
> > > Signed-off-by: Andrew Morton <akpm@osdl.org>
> > > fs/exec.c | 10 +++++++--- > > > 1 file changed, 7 insertions(+), 3 deletions(-) > > > > > > diff -puN fs/exec.c~mm-search_binary_handler-mem-limit-fix fs/exec.c > > > --- a/fs/exec.c~mm-search_binary_handler-mem-limit-fix > > > +++ a/fs/exec.c > > > @@ -1018,6 +1018,7 @@ int search_binary_handler(struct linux_b > > > { > > > int try,retval; > > > struct linux_binfmt *fmt; > > > + mm_segment_t oldfs; > > > #ifdef __alpha__ > > > /* handle /sbin/loader.. */ > > > { > > > @@ -1059,11 +1060,12 @@ int search_binary_handler(struct linux_b > > > > > > /* kernel module loader fixup */ > > > /* so we don't try to load run modprobe in kernel space. */ > > > + oldfs = get_fs(); > > > set_fs(USER_DS); > > > > > > retval = audit_bprm(bprm); > > > if (retval) > > > - return retval; > > > + goto out; > > > > > > retval = -ENOENT; > > > for (try=0; try<2; try++) { 
> > > @@ -1084,7 +1086,7 @@ int search_binary_handler(struct linux_b > > > bprm->file = NULL; > > > current->did_exec = 1; > > > proc_exec_connector(current); > > > - return retval; > > > + goto out; > > > } > > > read_lock(&binfmt_lock); > > > put_binfmt(fmt); > > > @@ -1092,7 +1094,7 @@ int search_binary_handler(struct linux_b > > > break; > > > if (!bprm->file) { > > > read_unlock(&binfmt_lock); > > > - return retval; > > > + goto out; > > > } > > > } > > > read_unlock(&binfmt_lock); > > > @@ -1110,6 +1112,8 @@ int search_binary_handler(struct linux_b > > > #endif > > > } > > > } > > > +out: > > > + set_fs(oldfs); > > > return retval; > > > }
> 
> This is broken. This is the only place in kernel that sets fs to USER_DS
> for a new process. With this patch we could as well get rid of USER_DS and
> all the address space checks.
> Besides that it breaks architectures with distinct physical address spaces.

hm, thanks for testing - I'll drop it.

I don't really understand what's wrong with it though. Maybe it's setting
USER_DS on kernel threads?
* Re: + mm-search_binary_handler-mem-limit-fix.patch added to -mm tree
From: Martin Schwidefsky @ 2007-01-29 18:18 UTC
To: Andrew Morton; +Cc: Heiko Carstens, linux-kernel, dmonakhov

On Mon, 2007-01-29 at 09:37 -0800, Andrew Morton wrote:
> hm, thanks for testing - I'll drop it.
> 
> I don't really understand what's wrong with it though. Maybe it's setting
> USER_DS on kernel threads?

For architectures with a split address space there has to be a call
set_fs(USER_DS) that switches from KERNEL_DS to USER_DS for the init
process. So far this has been done in search_binary_handler and
traditionally the kernel starts with KERNEL_DS to make the early
copy_from_user calls work.
So, what is wrong with always setting USER_DS? We are starting a user
space process after all.

-- 
blue skies,
  Martin.

Martin Schwidefsky
Linux for zSeries Development & Services
IBM Deutschland Entwicklung GmbH

"Reality continues to ruin my life." - Calvin.
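Martin's point that search_binary_handler's set_fs(USER_DS) is a one-way switch from KERNEL_DS for the init process, and Heiko's remark that the patch effectively removes the address-space check, can be made concrete with a small model. The following C program is an added illustration and not kernel code from the thread or from fs/exec.c: it models the per-task address limit with a toy mm_segment_t, a simplified access_ok(), and two stand-ins for the relevant part of search_binary_handler, the original one-way set_fs(USER_DS) and the patched save/restore version. The address split, the sample kernel address and the helper names are all constructed for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the per-task address limit (mm_segment_t): the value that
 * access_ok() compares user-supplied pointers against. Constructed for this
 * illustration, not the kernel's real definitions. */
typedef struct { uintptr_t seg; } mm_segment_t;

#define MODEL_TASK_SIZE 0x40000000UL            /* constructed user/kernel split */
static const mm_segment_t USER_DS   = { MODEL_TASK_SIZE };
static const mm_segment_t KERNEL_DS = { ~(uintptr_t)0 };

struct task { mm_segment_t fs; };               /* only the field the model needs */

static mm_segment_t get_fs(const struct task *t) { return t->fs; }
static void set_fs(struct task *t, mm_segment_t s) { t->fs = s; }

/* Simplified access_ok(): the range must lie below the task's current limit.
 * With KERNEL_DS the limit is the whole address space, so kernel addresses pass. */
static bool access_ok(const struct task *t, uintptr_t addr, size_t len)
{
    uintptr_t end = addr + len;
    return end >= addr && end <= t->fs.seg;
}

/* Stand-in for the relevant part of the original search_binary_handler():
 * a one-way switch to USER_DS that is deliberately never undone. */
static int exec_original(struct task *t, bool fail)
{
    set_fs(t, USER_DS);
    return fail ? -1 : 0;
}

/* Stand-in for the patched version: save the old limit and restore it on every
 * exit path via the "out:" label, including the successful exec. */
static int exec_patched(struct task *t, bool fail)
{
    mm_segment_t oldfs = get_fs(t);
    int retval;

    set_fs(t, USER_DS);
    retval = fail ? -1 : 0;
    set_fs(t, oldfs);                           /* out: set_fs(oldfs); */
    return retval;
}

/* Exec from a kernel thread (KERNEL_DS), as when the kernel starts init.
 * Returns true if the resulting user process can still pass access_ok() on a
 * kernel address, i.e. the user/kernel address check has been lost. */
static bool init_passes_kernel_address(int (*exec)(struct task *, bool))
{
    struct task init;
    init.fs = KERNEL_DS;
    if (exec(&init, false) != 0)
        return false;
    return access_ok(&init, 0xC0000000UL, 16);  /* constructed kernel address */
}

/* Exec from an ordinary user process (already USER_DS): both variants end in
 * USER_DS, which is why the regression only shows up for the first process. */
static bool user_exec_unchanged(int (*exec)(struct task *, bool))
{
    struct task p;
    p.fs = USER_DS;
    exec(&p, false);
    return p.fs.seg == USER_DS.seg && !access_ok(&p, 0xC0000000UL, 16);
}

int main(void)
{
    printf("original: init keeps KERNEL_DS after exec? %s\n",
           init_passes_kernel_address(exec_original) ? "yes" : "no");
    printf("patched:  init keeps KERNEL_DS after exec? %s\n",
           init_passes_kernel_address(exec_patched) ? "yes" : "no");
    printf("user exec unchanged by patch? %s\n",
           (user_exec_unchanged(exec_original) && user_exec_unchanged(exec_patched))
               ? "yes" : "no");
    return 0;
}
```

Run from a KERNEL_DS task, as happens when the kernel execs init, the patched variant hands the new user process its old KERNEL_DS limit back, so a kernel address passes access_ok(); started from an ordinary USER_DS process, the two variants behave identically. That is why the breakage appears only for the first process and only where the architecture actually distinguishes the two address spaces, as on s390.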
* Re: + mm-search_binary_handler-mem-limit-fix.patch added to -mm tree
From: Dmitriy Monakhov @ 2007-01-30 5:40 UTC
To: schwidefsky; +Cc: Andrew Morton, Heiko Carstens, linux-kernel, dmonakhov

> > > The function changes mem limit to USER_DS before possible modprobe, but
> > > never restored it again.
Truly. The road to hell is paved with good intentions.

Martin Schwidefsky <schwidefsky@de.ibm.com> writes:
> On Mon, 2007-01-29 at 09:37 -0800, Andrew Morton wrote:
>> hm, thanks for testing - I'll drop it.
>> 
>> I don't really understand what's wrong with it though. Maybe it's setting
>> USER_DS on kernel threads?
> 
> For architectures with a split address space there has to be a call
> set_fs(USER_DS) that switches from KERNEL_DS to USER_DS for the init
> process. So far this has been done in search_binary_handler and
> traditionally the kernel starts with KERNEL_DS to make the early
> copy_from_user calls work.
> So, what is wrong with always setting USER_DS? We are starting a user
> space process after all.
Maybe add some comment to prevent future attempts to make this place more
"correct"?
> 
> -- 
> blue skies,
>   Martin.
> 
> Martin Schwidefsky
> Linux for zSeries Development & Services
> IBM Deutschland Entwicklung GmbH
> 
> "Reality continues to ruin my life." - Calvin.
* Re: + mm-search_binary_handler-mem-limit-fix.patch added to -mm tree
From: Martin Schwidefsky @ 2007-01-30 12:23 UTC
To: Dmitriy Monakhov; +Cc: Andrew Morton, Heiko Carstens, linux-kernel, dmonakhov

On Tue, 2007-01-30 at 08:40 +0300, Dmitriy Monakhov wrote:
> > > > The function changes mem limit to USER_DS before possible modprobe, but
> > > > never restored it again.
> Truly. The road to hell is paved with good intentions.

:-)

> > For architectures with a split address space there has to be a call
> > set_fs(USER_DS) that switches from KERNEL_DS to USER_DS for the init
> > process. So far this has been done in search_binary_handler and
> > traditionally the kernel starts with KERNEL_DS to make the early
> > copy_from_user calls work.
> > So, what is wrong with always setting USER_DS? We are starting a user
> > space process after all.
> Maybe add some comment to prevent future attempts to make this place
> more "correct"?

The use of set_fs(USER_DS) in search_binary_handler is certainly different
compared to the rest. It probably is the only one that is not paired with a
set_fs(KERNEL_DS) or set_fs(old_fs). A comment won't hurt.

-- 
blue skies,
  Martin.

Martin Schwidefsky
Linux for zSeries Development & Services
IBM Deutschland Entwicklung GmbH

"Reality continues to ruin my life." - Calvin.