On Wed, 2007-08-22 at 11:48 +0300, Dan Aloni wrote: > On Wed, Jun 13, 2007 at 12:03:37PM +0200, Peter Zijlstra wrote: > > From: Ollie Wild <[email protected]> > > > > Remove the arg+env limit of MAX_ARG_PAGES by copying the strings directly > > from the old mm into the new mm. > > > [...] > > +static int __bprm_mm_init(struct linux_binprm *bprm) > > +{ > [...] > > + vma->vm_flags = VM_STACK_FLAGS; > > + vma->vm_page_prot = protection_map[vma->vm_flags & 0x7]; > > + err = insert_vm_struct(mm, vma); > > + if (err) { > > + up_write(&mm->mmap_sem); > > + goto err; > > + } > > + > > That change causes a crash in khelper when overcommit_memory = 2 > under 2.6.23-rc3. > > When a khelper execs, at __bprm_mm_init() current->mm is still NULL. > insert_vm_struct() calls security_vm_enough_memory(), which calls > __vm_enough_memory(), and that's where current->mm->total_vm gets > dereferenced. Alan proposed this patch: http://lkml.org/lkml/2007/8/13/782
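Review bot: the insert_vm_struct(mm, vma) call in __bprm_mm_init() is given the new mm being built for the exec, but the memory accounting it reaches is reported in this thread to read current->mm->total_vm, and current->mm is NULL when a kernel thread such as khelper execs. The accounting path should either work from the mm that is passed in or tolerate a NULL current->mm, so that the strict overcommit mode (overcommit_memory = 2) does not dereference a NULL pointer here. As a smaller style point, the literal 0x7 in protection_map[vma->vm_flags & 0x7] would be clearer as a named mask of the read, write and exec flag bits.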