- fix-madv_remove.patch removed from -mm tree

The patch titled

     fix MADV_REMOVE

has been removed from the -mm tree.  Its filename is

     fix-madv_remove.patch

This patch was probably dropped from -mm because
it has now been merged into a subsystem tree or
into Linus's tree, or because it was folded into
its parent patch in the -mm tree.


From: Hugh Dickins <hugh@xxxxxxxxxxx>

Currently, madvise(,,MADV_REMOVE) punches a hole right through protections:
any user with readonly access to a file (or shared memory) can wipe all its
data (though fortunately, tmpfs is so far the only filesystem to support
this).  Even through a private mapping of an immutable file on a readonly
remount.

We could debate the right test to make: I think the strict test below is
best - only permit it if the file was opened for (reading and) writing, the
mmap said shared, and the mapping is currently writable.  We could drop
that last condition, but I think it's better to insist we cannot modify the
file while the mapping is readonly: that works right for shared memory, and
for the security infrastructure (madvise_remove has no security_ callout,
but that's okay if it can do no more damage than writing zeroes to a
writable mapping).

I did consider falling back to MADV_DONTNEED behaviour; but that could be
confusing; and would be inconsistent with the -EINVAL and -ENOSYS failures
madvise_remove already reports.

I notice that the 2.6.17-rc UML now uses MADV_REMOVE, but this change will
mess you up: can_drop_memory's check is on a MAP_PRIVATE mapping, which
will now fail with -EACCES.  That's easily fixed by switching to MAP_SHARED
there: but I've not followed through whether your actual uses of
os_drop_memory are all on shared writable mappings or not - please check
and shout if there's a problem.  (I also notice your process.c has its own
#ifndef MADV_REMOVE definition of it, but as 5 not 9: better deleted now.)


Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 mm/madvise.c |    3 +++
 1 files changed, 3 insertions(+)

diff -puN mm/madvise.c~fix-madv_remove mm/madvise.c
--- 25/mm/madvise.c~fix-madv_remove	Wed Apr 12 14:29:39 2006
+++ 25-akpm/mm/madvise.c	Wed Apr 12 14:29:39 2006
@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_are
 			return -EINVAL;
 	}
 
+	if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
+		return -EACCES;
+
 	mapping = vma->vm_file->f_mapping;
 
 	offset = (loff_t)(start - vma->vm_start)
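
Review bot: The new VM_SHARED|VM_WRITE test in madvise_remove() has no comment, so the reason both flags are required, and why the result is -EACCES rather than a fallback to MADV_DONTNEED, is recorded only in the changelog. A short comment above the "if" saying that the hole punch is permitted only through a shared, currently writable mapping would help keep a later cleanup from relaxing it. The test also sits after the existing "return -EINVAL", so a mapping that fails both checks reports -EINVAL; if -EACCES is meant to take precedence, the test needs to move up.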
_

Patches currently in -mm which might be from hugh@xxxxxxxxxxx are

origin.patch
uml-madv_remove-fixes.patch
mm-vm_bug_on.patch
page-migration-make-do_swap_page-redo-the-fault.patch
migration-remove-unnecessary-pageswapcache-checks.patch
migration-remove-unnecessary-pageswapcache-checks-fix.patch
