linux-mm.kvack.org archive mirror
* Race in check_stack_guard_page?
@ 2013-11-25 23:30 Andy Lutomirski
  0 siblings, 0 replies; only message in thread
From: Andy Lutomirski @ 2013-11-25 23:30 UTC (permalink / raw)
  To: linux-kernel, linux-mm

I was looking at the stack expansion code, and I'm not convinced it's
safe.  Aside from the obvious scariness of down_read(&mmap_sem) not
actually preventing vma changes, I think there's a real race.  Suppose
that you have a VM_GROWSDOWN vma above a VM_GROWSUP vma with a
single-page gap between them.  Suppose further that they have
different anon_vma roots.

If one ends up in expand_downwards and the other ends up in
expand_upwards at the same time, then each one can take
page_table_lock without re-checking that there's still room to expand.
The result will be two vmas that share a page.

(This is presumably only possible on ia64.)

--Andy
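
The interleaving described in the message above, as an added user-space model that is not part of the original message and is not kernel code. `struct region`, the function names and the addresses are hypothetical; the two expanders are run in a fixed order so the stale check is reproducible.

```c
#include <stdbool.h>
#include <stdio.h>

#define PAGE 4096UL

/* Hypothetical stand-in for a vma covering [start, end); not a kernel type. */
struct region { unsigned long start, end; };

/* The "is there still room to expand?" check on the gap between the two. */
static bool gap_has_room(const struct region *lo, const struct region *hi)
{
    return hi->start >= lo->end && hi->start - lo->end >= PAGE;
}

static bool overlaps(const struct region *lo, const struct region *hi)
{
    return lo->end > hi->start;
}

/*
 * Constructed layout: grows-up region below, grows-down region above,
 * exactly one free page between them. Both expanders check the gap first;
 * 'recheck' selects whether each checks again at commit time, i.e. once it
 * holds the lock that serialises the two commits.
 */
bool regions_overlap_after_expansion(bool recheck)
{
    struct region lo = { 0x10000UL, 0x20000UL };
    struct region hi = { 0x21000UL, 0x30000UL };

    bool down_ok = gap_has_room(&lo, &hi);  /* downward expander checks */
    bool up_ok   = gap_has_room(&lo, &hi);  /* upward expander checks */

    /* Commits happen one after the other, each acting on its earlier check. */
    if (down_ok && (!recheck || gap_has_room(&lo, &hi)))
        hi.start -= PAGE;
    if (up_ok && (!recheck || gap_has_room(&lo, &hi)))
        lo.end += PAGE;

    return overlaps(&lo, &hi);
}

int main(void)
{
    printf("stale check: overlap=%d\n", regions_overlap_after_expansion(false));
    printf("re-checked:  overlap=%d\n", regions_overlap_after_expansion(true));
    return 0;
}
```

With the stale check both regions claim the page at 0x20000; with the check repeated at commit time the second expander backs off.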

