• yonghua zheng's avatar
    fs/proc/task_mmu.c: fix buffer overflow in add_page_map() · 8c829622
    yonghua zheng authored
    Recently we met quite a lot of random kernel panic issues after enabling
    CONFIG_PROC_PAGE_MONITOR.  After debuggind we found this has something
    to do with following bug in pagemap:
    
    In struct pagemapread:
    
      struct pagemapread {
          int pos, len;
          pagemap_entry_t *buffer;
          bool v2;
      };
    
    pos is number of PM_ENTRY_BYTES in buffer, but len is the size of
    buffer, it is a mistake to compare pos and len in add_page_map() for
    checking buffer is full or not, and this can lead to buffer overflow and
    random kernel panic issue.
    
    Correct len to be total number of PM_ENTRY_BYTES in buffer.
    
    [akpm@linux-foundation.org: document pagemapread.pos and .len units, fix PM_ENTRY_BYTES definition]
    Signed-off-by: default avatarYonghua Zheng <younghua.zheng@gmail.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    8c829622
task_mmu.c 37.5 KB