[PATCH] do_swap_page() can map random data if swap read fails

against 2.6.12-rc4

There is a bug in do_swap_page(): when swap page happens to beunreadable, page filled with random data is mapped into user

address space.
The fix is to check for PageUptodate and send SIGBUS in case of error.

Signed-Off-By: Kirill Korotaev <[email protected]>
Signed-Off-By: Alexey Kuznetsov <[email protected]>

--- ./mm/memory.c.swaperr	2005-05-10 16:10:40.000000000 +0400
+++ ./mm/memory.c	2005-05-10 18:09:12.000000000 +0400
@@ -1701,12 +1701,13 @@ static int do_swap_page(struct mm_struct
 	spin_lock(&mm->page_table_lock);
 	page_table = pte_offset_map(pmd, address);
 	if (unlikely(!pte_same(*page_table, orig_pte))) {
-		pte_unmap(page_table);
-		spin_unlock(&mm->page_table_lock);
-		unlock_page(page);
-		page_cache_release(page);
 		ret = VM_FAULT_MINOR;
-		goto out;
+		goto out_nomap;
+	}
+
+	if (unlikely(!PageUptodate(page))) {
+		ret = VM_FAULT_SIGBUS;
+		goto out_nomap;
 	}
 
 	/* The page isn't present yet, go ahead with the fault. */
@@ -1741,6 +1742,12 @@ static int do_swap_page(struct mm_struct
 	spin_unlock(&mm->page_table_lock);
 out:
 	return ret;
+out_nomap:
+	pte_unmap(page_table);
+	spin_unlock(&mm->page_table_lock);
+	unlock_page(page);
+	page_cache_release(page);
+	goto out;
 }
 
 /*

Follow-Ups:
- Re: [PATCH] do_swap_page() can map random data if swap read fails
  - From: Hugh Dickins <[email protected]>

Prev by Date: [PATCH] mm acct accounting fix
Next by Date: Re: [RFC/PATCH 2/5] mm/fs: add execute in place support
Previous by thread: [PATCH] mm acct accounting fix
Next by thread: Re: [PATCH] do_swap_page() can map random data if swap read fails
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]