[PATCH -mm 1/2] swsusp: userland interface fixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Fix two bugs in the swsusp userland interface:

1) Prevent the SNAPSHOT_FREE_SWAP_PAGES ioctl from leaking swap pages
due to the wrong condition.

2) Pevent snapshot_write_next() and snapshot_read_next() from using a freed
page (this could happend if the snapshot ioctls were called repeatedly
without closing the device, eg. when attempting to create the image for the
second time with image_size = 0).


Signed-off-by: Rafael J. Wysocki <[email protected]>
---
 kernel/power/snapshot.c |    5 ++---
 kernel/power/user.c     |    2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

Index: linux-2.6.16-rc3-mm1/kernel/power/user.c
===================================================================
--- linux-2.6.16-rc3-mm1.orig/kernel/power/user.c	2006-02-14 22:37:24.000000000 +0100
+++ linux-2.6.16-rc3-mm1/kernel/power/user.c	2006-02-14 22:38:07.000000000 +0100
@@ -237,7 +237,7 @@ static int snapshot_ioctl(struct inode *
 		break;
 
 	case SNAPSHOT_FREE_SWAP_PAGES:
-		if (data->swap >= 0 && data->swap < MAX_SWAPFILES) {
+		if (data->swap < 0 || data->swap >= MAX_SWAPFILES) {
 			error = -ENODEV;
 			break;
 		}
Index: linux-2.6.16-rc3-mm1/kernel/power/snapshot.c
===================================================================
--- linux-2.6.16-rc3-mm1.orig/kernel/power/snapshot.c	2006-02-14 22:46:17.000000000 +0100
+++ linux-2.6.16-rc3-mm1/kernel/power/snapshot.c	2006-02-14 22:47:02.000000000 +0100
@@ -37,6 +37,7 @@
 struct pbe *pagedir_nosave;
 static unsigned int nr_copy_pages;
 static unsigned int nr_meta_pages;
+static unsigned long *buffer;
 
 #ifdef CONFIG_HIGHMEM
 unsigned int count_highmem_pages(void)
@@ -421,6 +422,7 @@ void swsusp_free(void)
 	nr_copy_pages = 0;
 	nr_meta_pages = 0;
 	pagedir_nosave = NULL;
+	buffer = NULL;
 }
 
 
@@ -573,8 +575,6 @@ static inline struct pbe *pack_orig_addr
 
 int snapshot_read_next(struct snapshot_handle *handle, size_t count)
 {
-	static unsigned long *buffer;
-
 	if (handle->page > nr_meta_pages + nr_copy_pages)
 		return 0;
 	if (!buffer) {
@@ -779,7 +779,6 @@ static int create_image(struct snapshot_
 
 int snapshot_write_next(struct snapshot_handle *handle, size_t count)
 {
-	static unsigned long *buffer;
 	int error = 0;
 
 	if (handle->prev && handle->page > nr_meta_pages + nr_copy_pages)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux