| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Feb 2009 17:56:39 -0800 From: Jeffrey Mogul <Jeff.Mogul@...com> To: Alexey Dobriyan <adobriyan@...il.com> Cc: linux-kernel@...r.kernel.org, stable@...nel.org, Jeff.Mogul@...com Subject: [PATCH] proc: /proc/kpageflags: incorrect arg order in kpf_copy_bits() The code in fs/proc/page.c that implements /proc/kpageflags has two similar but different bugs in the way that it copies bits from the internal page->flags representation to the exported representation: (1) The kpf_copy_bits() macro was defined with argument order (flags, srcpos, dstpos), which is the logical order, but all but one of the uses of this macro invoke it instead in the order (flags, dstpos, srcpos). This only affects the output for a few flags, since in most -- but not all! -- cases, srcpos == dstpos. I fixed this by changing the macro definition rather than the macro uses, which minimizes the number of lines to change but which might not be the most obvious/logical design. (2) One use of the kpf_copy_bit macro (for the PG_locked flag) had the arguments in a random (rotated?) order, and was clearly wrong. These bugs appear to have been in the code since /proc/kpageflags was introduced (2.6.25). CC: stable@...nel.org Signed-off-by: Jeff Mogul <Jeff.Mogul@...com> --- fs/proc/page.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- linux-2.6.28.7/fs/proc/page.c.orig 2009-02-26 17:16:42.000000000 -0800 +++ linux-2.6.28.7/fs/proc/page.c 2009-02-26 17:18:04.000000000 -0800 @@ -80,7 +80,8 @@ static const struct file_operations proc #define KPF_RECLAIM 9 #define KPF_BUDDY 10 -#define kpf_copy_bit(flags, srcpos, dstpos) (((flags >> srcpos) & 1) << dstpos) +/* Arg order is dstpos,srcpos because that's how this macro is used below */ +#define kpf_copy_bit(flags, dstpos, srcpos) (((flags >> srcpos) & 1) << dstpos) static ssize_t kpageflags_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) @@ -107,7 +108,7 @@ static ssize_t kpageflags_read(struct fi else kflags = ppage->flags; - uflags = kpf_copy_bit(KPF_LOCKED, PG_locked, kflags) | + uflags = kpf_copy_bit(kflags, KPF_LOCKED, PG_locked) | kpf_copy_bit(kflags, KPF_ERROR, PG_error) | kpf_copy_bit(kflags, KPF_REFERENCED, PG_referenced) | kpf_copy_bit(kflags, KPF_UPTODATE, PG_uptodate) | -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists