Re: [PATCH 02/10] module: fix out-of-range memory access
From: Nick Piggin
Date: Thu Feb 19 2009 - 07:09:10 EST
On Wednesday 18 February 2009 23:04:28 Tejun Heo wrote:
> Impact: subtle memory access bug fix
>
> percpu_modalloc() may access pcpu_size[-1]. The access won't change
> the value by itself but it still is read/write access and dangerous.
> Fix it.
Ditto for this one...
>
> Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
> ---
> kernel/module.c | 14 ++++++++------
> 1 files changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index ba22484..d54a63e 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -426,12 +426,14 @@ static void *percpu_modalloc(unsigned long size,
> unsigned long align, continue;
>
> /* Transfer extra to previous block. */
> - if (pcpu_size[i-1] < 0)
> - pcpu_size[i-1] -= extra;
> - else
> - pcpu_size[i-1] += extra;
> - pcpu_size[i] -= extra;
> - ptr += extra;
> + if (extra) {
> + if (pcpu_size[i-1] < 0)
> + pcpu_size[i-1] -= extra;
> + else
> + pcpu_size[i-1] += extra;
> + pcpu_size[i] -= extra;
> + ptr += extra;
> + }
>
> /* Split block if warranted */
> if (pcpu_size[i] - size > sizeof(unsigned long))
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/