Re: [PATCH] mremap NULL pointer dereference fix
From: Andrew Morton
Date: Tue Feb 17 2004 - 01:00:51 EST
Linus Torvalds <torvalds@xxxxxxxx> wrote:
>
> Hmm.. Looking a bit more at it, does this alternate patch work? It's
> _slightly_ less ugly, and it also removes the nonsensical TLB invalidate
> instead of moving it around together with the comment that says that it
> shouldn't exist.
>
> The TLB is (properly) invalidated by "copy_one_pte()" if the mapping
> actually changes.
>
> Did I miss anything?
This saves a goto. It works, but I wasn't able to trigger
the oops without it either.
diff -puN mm/mremap.c~mremap-oops-fix mm/mremap.c
--- 25/mm/mremap.c~mremap-oops-fix 2004-02-16 20:53:25.000000000 -0800
+++ 25-akpm/mm/mremap.c 2004-02-16 21:00:05.000000000 -0800
@@ -135,15 +135,17 @@ move_one_page(struct vm_area_struct *vma
dst = alloc_one_pte_map(mm, new_addr);
if (src == NULL)
src = get_one_pte_map_nested(mm, old_addr);
- error = copy_one_pte(vma, old_addr, src, dst, &pte_chain);
- pte_unmap_nested(src);
- pte_unmap(dst);
- } else
/*
- * Why do we need this flush ? If there is no pte for
- * old_addr, then there must not be a pte for it as well.
+ * Since alloc_one_pte_map can drop and re-acquire
+ * page_table_lock, we should re-check the src entry...
*/
- flush_tlb_page(vma, old_addr);
+ if (src) {
+ error = copy_one_pte(vma, old_addr, src,
+ dst, &pte_chain);
+ pte_unmap_nested(src);
+ }
+ pte_unmap(dst);
+ }
spin_unlock(&mm->page_table_lock);
pte_chain_free(pte_chain);
out:
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/