Fix two bugs in the swsusp userland interface:
1) Prevent the SNAPSHOT_FREE_SWAP_PAGES ioctl from leaking swap pages
due to the wrong condition.
2) Pevent snapshot_write_next() and snapshot_read_next() from using a freed
page (this could happend if the snapshot ioctls were called repeatedly
without closing the device, eg. when attempting to create the image for the
second time with image_size = 0).
Signed-off-by: Rafael J. Wysocki <[email protected]>
---
kernel/power/snapshot.c | 5 ++---
kernel/power/user.c | 2 +-
2 files changed, 3 insertions(+), 4 deletions(-)
Index: linux-2.6.16-rc3-mm1/kernel/power/user.c
===================================================================
--- linux-2.6.16-rc3-mm1.orig/kernel/power/user.c 2006-02-14 22:37:24.000000000 +0100
+++ linux-2.6.16-rc3-mm1/kernel/power/user.c 2006-02-14 22:38:07.000000000 +0100
@@ -237,7 +237,7 @@ static int snapshot_ioctl(struct inode *
break;
case SNAPSHOT_FREE_SWAP_PAGES:
- if (data->swap >= 0 && data->swap < MAX_SWAPFILES) {
+ if (data->swap < 0 || data->swap >= MAX_SWAPFILES) {
error = -ENODEV;
break;
}
Index: linux-2.6.16-rc3-mm1/kernel/power/snapshot.c
===================================================================
--- linux-2.6.16-rc3-mm1.orig/kernel/power/snapshot.c 2006-02-14 22:46:17.000000000 +0100
+++ linux-2.6.16-rc3-mm1/kernel/power/snapshot.c 2006-02-14 22:47:02.000000000 +0100
@@ -37,6 +37,7 @@
struct pbe *pagedir_nosave;
static unsigned int nr_copy_pages;
static unsigned int nr_meta_pages;
+static unsigned long *buffer;
#ifdef CONFIG_HIGHMEM
unsigned int count_highmem_pages(void)
@@ -421,6 +422,7 @@ void swsusp_free(void)
nr_copy_pages = 0;
nr_meta_pages = 0;
pagedir_nosave = NULL;
+ buffer = NULL;
}
@@ -573,8 +575,6 @@ static inline struct pbe *pack_orig_addr
int snapshot_read_next(struct snapshot_handle *handle, size_t count)
{
- static unsigned long *buffer;
-
if (handle->page > nr_meta_pages + nr_copy_pages)
return 0;
if (!buffer) {
@@ -779,7 +779,6 @@ static int create_image(struct snapshot_
int snapshot_write_next(struct snapshot_handle *handle, size_t count)
{
- static unsigned long *buffer;
int error = 0;
if (handle->prev && handle->page > nr_meta_pages + nr_copy_pages)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]