From: Matthew Wilcox <willy@infradead.org>
To: "Liam R. Howlett" <Liam.Howlett@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>,
maple-tree@lists.infradead.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, pedro.falcato@gmail.com,
stable <stable@kernel.org>
Subject: Re: [PATCH 0/2] maple_tree: Fix mas_prev() state regression.
Date: Thu, 21 Sep 2023 20:23:11 +0100
Message-ID: <ZQyYH+5pnDc1KYj0@casper.infradead.org>
In-Reply-To: <20230921185330.j5jw3oms4tc6crkf@revolver>

On Thu, Sep 21, 2023 at 02:53:30PM -0400, Liam R. Howlett wrote:
> * Andrew Morton <akpm@linux-foundation.org> [230921 14:25]:
> > On Thu, 21 Sep 2023 14:12:34 -0400 "Liam R. Howlett" <Liam.Howlett@oracle.com> wrote:
> >
> > > Pedro Falcato contacted me on IRC with an mprotect regression which was
> > > bisected back to the iterator changes for maple tree. Root cause
> > > analysis showed the mas_prev() running off the end of the VMA space
> > > (previous from 0) followed by mas_find(), would skip the first value.
> > >
> > > This patch set introduces maple state underflow/overflow so the sequence
> > > of calls on the maple state will return what the user expects.
> >
> > It isn't clear what are the user-visible effects of this flaw? Please
> > send this along and I'll paste it in.
>
>
> User may notice that mas_prev() or mas_next() calls that result in going
> outside of the limit passed to the call will cause incorrect returns on
> subsequent calls using that maple state, such as mas_find() skipping an
> entry.

When Andrew says "User visible" he means "userspace visible". Not
"in kernel user visible". What are the _consequences_.

I'd say that if the user maps something at address 0, mprotect() can
then fail to ... or something.