linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 22:02:02 +00:00

No description

Find a file

Wang Nan 786b924d39 mm, oom_reaper: gather each vma to prevent leaking TLB entry commit `687cb0884a` upstream. tlb_gather_mmu(&tlb, mm, 0, -1) means gathering the whole virtual memory space. In this case, tlb->fullmm is true. Some archs like arm64 doesn't flush TLB when tlb->fullmm is true: commit `5a7862e830` ("arm64: tlbflush: avoid flushing when fullmm == 1"). Which causes leaking of tlb entries. Will clarifies his patch: "Basically, we tag each address space with an ASID (PCID on x86) which is resident in the TLB. This means we can elide TLB invalidation when pulling down a full mm because we won't ever assign that ASID to another mm without doing TLB invalidation elsewhere (which actually just nukes the whole TLB). I think that means that we could potentially not fault on a kernel uaccess, because we could hit in the TLB" There could be a window between complete_signal() sending IPI to other cores and all threads sharing this mm are really kicked off from cores. In this window, the oom reaper may calls tlb_flush_mmu_tlbonly() to flush TLB then frees pages. However, due to the above problem, the TLB entries are not really flushed on arm64. Other threads are possible to access these pages through TLB entries. Moreover, a copy_to_user() can also write to these pages without generating page fault, causes use-after-free bugs. This patch gathers each vma instead of gathering full vm space. In this case tlb->fullmm is not true. The behavior of oom reaper become similar to munmapping before do_exit, which should be safe for all archs. Link: http://lkml.kernel.org/r/20171107095453.179940-1-wangnan0@huawei.com Fixes: `aac4536355` ("mm, oom: introduce oom reaper") Signed-off-by: Wang Nan <wangnan0@huawei.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: David Rientjes <rientjes@google.com> Cc: Minchan Kim <minchan@kernel.org> Cc: Will Deacon <will.deacon@arm.com> Cc: Bob Liu <liubo95@huawei.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Roman Gushchin <guro@fb.com> Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2017-12-05 11:26:28 +01:00
arch	ARM64: dts: meson-gxl: Add alternate ARM Trusted Firmware reserved memory zone	2017-11-30 08:40:58 +00:00
block	block: Fix a race between blk_cleanup_queue() and timeout handling	2017-11-30 08:40:52 +00:00
certs	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
crypto	crypto: dh - Don't permit 'key' or 'g' size longer than 'p'	2017-11-21 09:49:21 +01:00
Documentation	Documentation: enforcement-statement: name updates	2017-11-05 10:21:06 -08:00
drivers	platform/x86: hp-wmi: Fix tablet mode detection for convertibles	2017-12-05 11:26:27 +01:00
firmware	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
fs	dax: fix PMD faults on zero-length files	2017-11-30 08:40:53 +00:00
include	SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status	2017-11-30 08:40:53 +00:00
init	License cleanup: add SPDX license identifiers to some files	2017-11-02 10:04:46 -07:00
ipc	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
kernel	genirq: Track whether the trigger type has been set	2017-11-30 08:40:52 +00:00
lib	lib/mpi: call cond_resched() from mpi_powm() loop	2017-11-30 08:40:39 +00:00
mm	mm, oom_reaper: gather each vma to prevent leaking TLB entry	2017-12-05 11:26:28 +01:00
net	NFC: fix device-allocation error return	2017-11-30 08:40:55 +00:00
samples	License cleanup: add SPDX license identifiers to some files	2017-11-02 10:04:46 -07:00
scripts	scripts: add leaking_addresses.pl	2017-11-06 11:46:42 -08:00
security	ima: do not update security.ima if appraisal status is not INTEGRITY_PASS	2017-11-24 08:37:03 +01:00
sound	ASoC: sun8i-codec: Set the BCLK divider	2017-11-30 08:40:49 +00:00
tools	selftests/x86/protection_keys: Fix syscall NR redefinition warnings	2017-11-21 09:49:22 +01:00
usr	initramfs: fix initramfs rebuilds w/ compression after disabling	2017-11-03 07:39:19 -07:00
virt	Fixes for interrupt controller emulation in ARM/ARM64 and x86, plus a one-liner	2017-11-04 11:44:55 -07:00
.cocciconfig
.get_maintainer.ignore
.gitattributes	.gitattributes: set git diff driver for C source code files	2016-10-07 18:46:30 -07:00
.gitignore	kbuild: Add support to generate LLVM assembly files	2017-04-25 08:13:52 +09:00
.mailmap	.mailmap: Add Maciej W. Rozycki's Imagination e-mail address	2017-11-10 12:16:15 -08:00
COPYING
CREDITS	MAINTAINERS: update TPM driver infrastructure changes	2017-11-09 17:58:40 -08:00
Kbuild	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
Kconfig	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
MAINTAINERS	Merge branch 'akpm' (patches from Andrew)	2017-11-09 18:26:51 -08:00
Makefile	Linux 4.14.3	2017-11-30 08:41:00 +00:00
README	README: add a new README file, pointing to the Documentation/	2016-10-24 08:12:35 -02:00

README

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.