Re: [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()

William Lee Irwin III <[email protected]> wrote:
>
> try_to_unmap_cluster() does:
>          for (pte = pte_offset_map(pmd, address);
>                          address < end; pte++, address += PAGE_SIZE) {
>  		...
>  	}
> 
>  	pte_unmap(pte);
> 
>  It may take a little staring to notice, but pte can actually fall off
>  the end of the pte page in this iteration,

That's about the third place we've had this bug.  Whoever keeps adding it
really should stop.

Thanks.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- 2.6.12-rc4-mm2
  - From: Andrew Morton <[email protected]>
- [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()
  - From: William Lee Irwin III <[email protected]>

Prev by Date: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Next by Date: Re: When we detect that a 16550 was in fact part of a NatSemi SuperIO chip
Previous by thread: [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()
Next by thread: Re: [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]