lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <tip-ce2ae53b750abfaa012ce408e93da131a5b5649b@git.kernel.org>
Date:	Sat, 11 Jul 2009 10:42:34 GMT
From:	tip-bot for Sonny Rao <sonnyrao@...ibm.com>
To:	linux-tip-commits@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org, hpa@...or.com, mingo@...hat.com,
	sonnyrao@...ibm.com, tglx@...utronix.de, mingo@...e.hu
Subject: [tip:core/urgent] futexes: Fix infinite loop in get_futex_key() on huge page

Commit-ID:  ce2ae53b750abfaa012ce408e93da131a5b5649b
Gitweb:     http://git.kernel.org/tip/ce2ae53b750abfaa012ce408e93da131a5b5649b
Author:     Sonny Rao <sonnyrao@...ibm.com>
AuthorDate: Fri, 10 Jul 2009 18:13:13 -0500
Committer:  Ingo Molnar <mingo@...e.hu>
CommitDate: Sat, 11 Jul 2009 12:40:44 +0200

futexes: Fix infinite loop in get_futex_key() on huge page

get_futex_key() can infinitely loop if it is called on a
virtual address that is within a huge page but not aligned to
the beginning of that page.  The call to get_user_pages_fast
will return the struct page for a sub-page within the huge page
and the check for page->mapping will always fail.

The fix is to call compound_head on the page before checking
that it's mapped.

Signed-off-by: Sonny Rao <sonnyrao@...ibm.com>
Acked-by: Thomas Gleixner <tglx@...utronix.de>
Cc: stable@...nel.org
Cc: anton@...ba.org
Cc: rajamony@...ibm.com
Cc: speight@...ibm.com
Cc: mstephen@...ibm.com
Cc: grimm@...ibm.com
Cc: mikey@...abs.au.ibm.com
LKML-Reference: <20090710231313.GA23572@...ibm.com>
Signed-off-by: Ingo Molnar <mingo@...e.hu>


---
 kernel/futex.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/kernel/futex.c b/kernel/futex.c
index 794c862..0672ff8 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -247,6 +247,7 @@ again:
 	if (err < 0)
 		return err;
 
+	page = compound_head(page);
 	lock_page(page);
 	if (!page->mapping) {
 		unlock_page(page);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ