github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
523578f790
linux/fs/proc
History
yonghua zheng d77d52563b fs/proc/task_mmu.c: fix buffer overflow in add_page_map() 
commit 8c8296223f upstream.

Recently we met quite a lot of random kernel panic issues after enabling
CONFIG_PROC_PAGE_MONITOR.  After debuggind we found this has something
to do with following bug in pagemap:

In struct pagemapread:

  struct pagemapread {
      int pos, len;
      pagemap_entry_t *buffer;
      bool v2;
  };

pos is number of PM_ENTRY_BYTES in buffer, but len is the size of
buffer, it is a mistake to compare pos and len in add_page_map() for
checking buffer is full or not, and this can lead to buffer overflow and
random kernel panic issue.

Correct len to be total number of PM_ENTRY_BYTES in buffer.

[akpm@linux-foundation.org: document pagemapread.pos and .len units, fix PM_ENTRY_BYTES definition]
Signed-off-by: Yonghua Zheng <younghua.zheng@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-08-20 08:26:27 -07:00
..
array.c procfs: fix /proc/statm 2012-03-28 17:14:35 -07:00
base.c vfs: Fix /proc/<tid>/fdinfo/<fd> file handling 2012-06-10 00:36:18 +09:00
cmdline.c
consoles.c console: rename acquire/release_console_sem() to console_lock/unlock() 2011-01-26 10:50:06 +10:00
cpuinfo.c
devices.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
generic.c switch procfs to umode_t use 2012-01-03 22:54:56 -05:00
inode.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
internal.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl 2012-03-23 18:08:58 -07:00
interrupts.c
Kconfig kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
kcore.c fs/proc/kcore.c: make get_sparsemem_vmemmap_info() static 2012-03-23 16:58:42 -07:00
kmsg.c procfs: Use generic_file_llseek in /proc/kmsg 2010-04-09 16:35:41 +02:00
loadavg.c
Makefile ns: proc files for namespace naming policy. 2011-05-10 14:31:44 -07:00
meminfo.c fs/proc/meminfo.c: fix compilation error 2011-12-09 07:50:28 -08:00
mmu.c
namespaces.c fs/proc/namespaces.c: prevent crash when ns_entries[] is empty 2012-03-28 17:14:37 -07:00
nommu.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
page.c kpageflags: fix wrong KPF_THP on non-huge compound pages 2012-10-13 05:38:50 +09:00
proc_devtree.c of/flattree: Drop an uninteresting message to pr_debug level 2011-03-02 13:45:18 -07:00
proc_net.c switch procfs to umode_t use 2012-01-03 22:54:56 -05:00
proc_sysctl.c fs/proc: fix potential unregister_sysctl_table hang 2012-10-02 10:29:54 -07:00
proc_tty.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
root.c proc: fix mount -t proc -o AAA 2012-04-05 15:25:50 -07:00
softirqs.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
stat.c nohz: Fix idle ticks in cpu summary line of /proc/stat 2012-10-28 10:14:12 -07:00
task_mmu.c fs/proc/task_mmu.c: fix buffer overflow in add_page_map() 2013-08-20 08:26:27 -07:00
task_nommu.c procfs: mark thread stack correctly in proc/<pid>/maps 2012-03-21 17:54:58 -07:00
uptime.c Merge branch 'sched/core' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into cputime-tip 2011-12-19 19:23:15 +01:00
version.c
vmcore.c fadump: Introduce cleanup routine to invalidate /proc/vmcore. 2012-02-23 10:50:02 +11:00