[PATCH] Fix /proc/pid/pagemap return length calculation

/proc/pid/pagemap has a header (usually 8 bytes) the length
of which needs to be compensated for when converting from
proc file offset to page number.  The calculation of the
starting page number (svpfn) compensates for this, but the
calculation of the ending page number (evpfn) does not, resulting
in reads returning 8 bytes more than were asked for and
nastily overwriting userspace memory.

Diffed against 2.6.23-rc1-mm2

Signed-off-by: Dave Boutcher <[email protected]>
---
 fs/proc/task_mmu.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 4594f15..b2baeab 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -627,7 +627,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
 	addr = PAGE_SIZE * svpfn;
 	if ((svpfn + 1) * sizeof(unsigned long) != src)
 		goto out;
-	evpfn = min((src + count) / sizeof(unsigned long),
+	evpfn = min((src + count) / sizeof(unsigned long) - 1,
 		    ((~0UL) >> PAGE_SHIFT) + 1);
 	count = (evpfn - svpfn) * sizeof(unsigned long);
 	end = PAGE_SIZE * evpfn;
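Review bot: the new `- 1` on the evpfn line pairs with the header compensation already built into svpfn (visible in the check `if ((svpfn + 1) * sizeof(unsigned long) != src)`), yet both sites spell the header width as a bare `sizeof(unsigned long)` while the description says the header is "usually 8 bytes"; a named constant for the header length, used by both the svpfn check and this min() argument, would make the pairing explicit and keep the two derivations from drifting apart again. Worth confirming in the lines above the hunk that `src + count >= sizeof(unsigned long)` is guaranteed before this point, since otherwise the subtraction wraps and, even after the min() clamp, `count = (evpfn - svpfn) * sizeof(unsigned long)` would be computed from a bogus evpfn; a one-line comment stating that invariant next to the min() would help the next reader.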
-- 
1.4.4.2
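The arithmetic described in the patch description, modelled as an added example (not code from the patch or from fs/proc/task_mmu.c): it recomputes the byte count pagemap_read() would copy out for a given file offset and request size, with and without the `- 1` on evpfn, assuming 8-byte entries, a one-entry header and 4 KiB pages, and requiring the offset to lie past the header.

```c
/* Added example, not part of the patch: models the offset-to-pfn arithmetic
 * of pagemap_read() before and after the fix.  Assumptions: pagemap entries
 * and the header are one uint64_t (8 bytes) each, PAGE_SHIFT is 12, and the
 * caller has already read past the header (src >= ENTRY_SIZE). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENTRY_SIZE sizeof(uint64_t)   /* assumed entry/header width: 8 bytes */
#define PAGE_SHIFT 12

/* Bytes the read would copy to userspace for a `count`-byte request at file
 * offset `src`; -1 when the read is rejected (offset before or not aligned
 * to an entry boundary).  `fixed` selects the post-patch evpfn formula. */
long pagemap_read_len(unsigned long src, unsigned long count, int fixed)
{
    unsigned long max_pfn = ((~0UL) >> PAGE_SHIFT) + 1;   /* upper clamp */
    unsigned long svpfn, evpfn;

    if (src < ENTRY_SIZE)               /* still inside the header */
        return -1;
    svpfn = src / ENTRY_SIZE - 1;       /* first pfn, header compensated */
    if ((svpfn + 1) * ENTRY_SIZE != src)
        return -1;                      /* unaligned offset: kernel goes to out */

    evpfn = (src + count) / ENTRY_SIZE; /* pre-patch: header not compensated */
    if (fixed)
        evpfn -= 1;                     /* post-patch: matches svpfn's -1 */
    if (evpfn > max_pfn)
        evpfn = max_pfn;

    return (long)((evpfn - svpfn) * ENTRY_SIZE);
}

int main(void)
{
    /* Constructed request: 16 bytes starting right after the 8-byte header. */
    printf("old: %ld bytes, fixed: %ld bytes\n",
           pagemap_read_len(8, 16, 0), pagemap_read_len(8, 16, 1));
    return 0;
}
```

The pre-patch formula returns 24 bytes for a 16-byte request, the 8-byte overrun the description reports; the fixed formula returns exactly 16.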
