[ZVC 1/4] Fix potential use of out of range page in kmem_getpages.

From: Christoph Lameter
Date: Tue Jun 27 2006 - 13:44:45 EST

Next message: H. Peter Anvin: "Re: klibc and what's the next step?"
Previous message: Andi Kleen: "Re: klibc and what's the next step?"
Next in thread: Christoph Lameter: "[ZVC 2/4] highmem.c: Use page after it may have been freed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ZVC: Fix potential use of out of range page in kmem_getpages.

We use page_zone(page) following several page increments in kmem_getpages().
Which page in a zone we use really does not matter. However, we may reach an
invalid page and then oops.

So move the counter decrement before we increment page.

Signed-off-by: Christoph Lameter <clameter@xxxxxxx>

Index: linux-2.6.17-mm3/mm/slab.c
===================================================================
--- linux-2.6.17-mm3.orig/mm/slab.c 2006-06-27 09:40:25.620599382 -0700
+++ linux-2.6.17-mm3/mm/slab.c 2006-06-27 09:40:32.330144958 -0700
@@ -1539,12 +1539,12 @@ static void kmem_freepages(struct kmem_c
struct page *page = virt_to_page(addr);
const unsigned long nr_freed = i;

+ sub_zone_page_state(page_zone(page), NR_SLAB, nr_freed);
while (i--) {
BUG_ON(!PageSlab(page));
__ClearPageSlab(page);
page++;
}
- sub_zone_page_state(page_zone(page), NR_SLAB, nr_freed);
if (current->reclaim_state)
current->reclaim_state->reclaimed_slab += nr_freed;
free_pages((unsigned long)addr, cachep->gfporder);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: H. Peter Anvin: "Re: klibc and what's the next step?"
Previous message: Andi Kleen: "Re: klibc and what's the next step?"
Next in thread: Christoph Lameter: "[ZVC 2/4] highmem.c: Use page after it may have been freed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]