Message-ID: <18102.33131.876436.899189@gargle.gargle.HOWL>
Date: Sun, 5 Aug 2007 21:03:23 -0500
From: boutcher@...umn.edu (Dave Boutcher)
To: Matt Mackall <mpm@...enic.com>
CC: linux-kernel@...r.kernel.org
Subject: [PATCH] Fix /proc/pid/pagemap return length calculation

/proc/pid/pagemap has a header (usually 8 bytes) the length
of which needs to be compensated for when converting from
proc file offset to page number. The calculation of the
starting page number (svpfn) compensates for this, but the
calculation of the ending page number (evpfn) does not, resulting
in reads returning 8 bytes more than were asked for and
nastily overwriting userspace memory.

Diffed against 2.6.23-rc1-mm2

Signed-off-by: Dave Boutcher <boutcher@...umn.edu>
---
fs/proc/task_mmu.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 4594f15..b2baeab 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -627,7 +627,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
addr = PAGE_SIZE * svpfn;
if ((svpfn + 1) * sizeof(unsigned long) != src)
goto out;
- evpfn = min((src + count) / sizeof(unsigned long),
+ evpfn = min((src + count) / sizeof(unsigned long) - 1,
((~0UL) >> PAGE_SHIFT) + 1);
count = (evpfn - svpfn) * sizeof(unsigned long);
end = PAGE_SIZE * evpfn;
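
Review bot: the bare "- 1" on the new evpfn line hard-codes the header length as one unsigned long entry, mirroring the "+ 1" in the "(svpfn + 1) * sizeof(unsigned long) != src" check two lines above. The bug being fixed is exactly these two offset-to-page-number conversions disagreeing, so I would put the header size in one named constant (or a small offset-to-pfn helper) used for both svpfn and evpfn, with a comment that file offsets are shifted by the header. The subtraction also depends on (src + count) / sizeof(unsigned long) being at least 1; the src check above appears to ensure that as long as src + count does not wrap, and since count = (evpfn - svpfn) * sizeof(unsigned long) then sets how much is written to the user buffer, a comment or explicit evpfn >= svpfn check here would make that assumption visible.
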
--
1.4.4.2