lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0709212146440.13529@blonde.wat.veritas.com>
Date:	Fri, 21 Sep 2007 21:47:19 +0100 (BST)
From:	Hugh Dickins <hugh@...itas.com>
To:	Christoph Lameter <clameter@....com>
cc:	linux-kernel@...r.kernel.org
Subject: [PATCH 5/6] LBS: fix crashes in vma_address

vma_address oopsed on mapping_order(page->mapping): because page may now
be a tail page in which page->mapping is NULL.  There's (too!) many ways
to do this, I went for page_cache_page_order(page_cache_head(page)) so
we can also avoid the PageAnon test.   Indeed, use page_cache_page_order
throughout, to simplify those "page_cache_shift(mapping) - PAGE_SHIFT"s.

vma_address bugged on !PageAnon because loops over page_cache_base_pages
may try a component file page outside the range of the vma: just delete
that BUG_ON now it no longer applies.

Signed-off-by: Hugh Dickins <hugh@...itas.com>

--- 2.6.23-rc6-lbs/mm/rmap.c	2007-09-11 20:01:08.000000000 +0100
+++ linux/mm/rmap.c	2007-09-13 21:22:33.000000000 +0100
@@ -191,17 +191,10 @@ vma_address(struct page *page, struct vm
 	pgoff_t pgoff;
 	unsigned long address;
 
-	if (PageAnon(page))
-		pgoff = page->index;
-	else
-		pgoff = page->index << mapping_order(page->mapping);
-
+	pgoff = page->index << page_cache_page_order(page_cache_head(page));
 	address = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
-	if (unlikely(address < vma->vm_start || address >= vma->vm_end)) {
-		/* page should be within any vma from prio_tree_next */
-		BUG_ON(!PageAnon(page));
+	if (unlikely(address < vma->vm_start || address >= vma->vm_end))
 		return -EFAULT;
-	}
 	return address;
 }
 
@@ -352,7 +345,7 @@ static int page_referenced_file(struct p
 {
 	unsigned int mapcount;
 	struct address_space *mapping = page->mapping;
-	pgoff_t pgoff = page->index << (page_cache_shift(mapping) - PAGE_SHIFT);
+	pgoff_t pgoff = page->index << page_cache_page_order(page);
 	struct vm_area_struct *vma;
 	struct prio_tree_iter iter;
 	int referenced = 0;
@@ -475,7 +468,7 @@ static int page_mkclean_one(struct page 
 
 static int page_mkclean_file(struct address_space *mapping, struct page *page)
 {
-	pgoff_t pgoff = page->index << (page_cache_shift(mapping) - PAGE_SHIFT);
+	pgoff_t pgoff = page->index << page_cache_page_order(page);
 	struct vm_area_struct *vma;
 	struct prio_tree_iter iter;
 	int ret = 0;
@@ -907,7 +900,7 @@ static int try_to_unmap_anon(struct page
 static int try_to_unmap_file(struct page *page, int migration)
 {
 	struct address_space *mapping = page->mapping;
-	pgoff_t pgoff = page->index << (page_cache_shift(mapping) - PAGE_SHIFT);
+	pgoff_t pgoff = page->index << page_cache_page_order(page);
 	struct vm_area_struct *vma;
 	struct prio_tree_iter iter;
 	int ret = SWAP_AGAIN;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ