public inbox for linux-kernel@vger.kernel.org
From: Bruce Dubbs <bruce.dubbs@gmail.com>
To: linux-kernel@vger.kernel.org
Subject: [PATCH] Add additional error check to mm/mincore.c
Date: Sat, 24 Mar 2007 20:48:27 -0500
Message-ID: <4605D4EB.5060205@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 544 bytes --]

In some circumstances, mincore can succeed when it shouldn't.

Example:
  Two files are mmapped to a process and they are adjacent in memory.
If mincore is run with a requested length that is too large, the
function does not differentiate between the different file pointers
within the different vma structures and inappropriately returns success.

The attached patch, against 2.6.20.3, fixes this behavior.

This behavior was found when running the Linux Test Project's mincore01
on an IA32 system.  Test 3 "unexpectedly" succeeds.

  -- Bruce

[-- Attachment #2: mincore.patch --]
[-- Type: text/plain, Size: 1523 bytes --]

--- mm/mincore.c.old	2007-03-24 19:55:01.000000000 -0500
+++ mm/mincore.c	2007-03-24 20:13:43.000000000 -0500
@@ -43,7 +43,8 @@
  * all the arguments, we hold the mmap semaphore: we should
  * just return the amount of info we're asked for.
  */
-static long do_mincore(unsigned long addr, unsigned char *vec, unsigned long pages)
+static long do_mincore(unsigned long addr, unsigned char *vec, unsigned long pages,
+        struct file** file_struct)
 {
 	unsigned long i, nr, pgoff;
 	struct vm_area_struct *vma = find_vma(current->mm, addr);
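Review bot: The new `struct file** file_struct` parameter of do_mincore() is an in/out argument that the function both reads and writes, but the comment block above the function is left unchanged and says nothing about it. Add a sentence stating what the caller must initialise it to and what it holds on return. Kernel style would also write it as `struct file **file`, with the continuation line indented by tabs rather than spaces.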
@@ -64,7 +65,19 @@
 	 * this is what we've traditionally done, so we'll just
 	 * continue doing it.
 	 */
-	if (!vma->vm_file)
+
+    /* 
+     * Initialize file pointer to the value in the first vma structure
+     */
+
+    if ( *file_struct == NULL && vma->vm_file )
+        *file_struct = vma->vm_file;
+
+    /*
+     * Return an error if the is no file mapped of the file is different
+     */
+ 
+	if (!vma->vm_file || vma->vm_file != *file_struct)
 		return -ENOMEM;
 
 	/*
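Review bot: The added `vma->vm_file != *file_struct` test makes do_mincore() return -ENOMEM for a range that crosses from one file's vma into another's, even though both vmas are mapped, and the changelog does not explain why that should be an error rather than a valid request. If rejecting it is intended, say so in the comment and the changelog; the comment itself has typos ("if the is no file mapped of the file is different" should read "if there is no file mapped or the file is different"). The new lines are indented with spaces and carry trailing whitespace, and the existing "this is what we've traditionally done" comment is now separated from the `if` it explains.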
@@ -115,6 +128,7 @@
 	long retval;
 	unsigned long pages;
 	unsigned char *tmp;
+    static struct file* file = NULL;
 
 	/* Check the start address: needs to be page-aligned.. */
  	if (start & ~PAGE_CACHE_MASK)
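Review bot: `static struct file* file = NULL;` gives the variable static storage, so it is shared by every caller and never reset: once one call has stored a vm_file in it, any later call on a mapping of a different file fails the `vma->vm_file != *file_struct` check with -ENOMEM. Nothing in the patch takes a reference on the file either, so the saved pointer can outlive the file it referred to. Drop `static` so that each call starts from NULL, and keep the pointer only for the duration of that call.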
@@ -142,7 +156,7 @@
 		 * the temporary buffer size.
 		 */
 		down_read(&current->mm->mmap_sem);
-		retval = do_mincore(start, tmp, min(pages, PAGE_SIZE));
+		retval = do_mincore(start, tmp, min(pages, PAGE_SIZE), &file);
 		up_read(&current->mm->mmap_sem);
 
 		if (retval <= 0)
