Re: [PATCH] mremap NULL pointer dereference fix

From: Linus Torvalds
Date: Tue Feb 17 2004 - 00:39:42 EST




On Mon, 16 Feb 2004, Rajesh Venkatasubramanian wrote:
>
> This path fixes a NULL pointer dereference bug in mremap. In
> move_one_page we need to re-check the src because an allocation
> for the dst page table can drop page_table_lock, and somebody
> else can invalidate the src.

Ugly, but yes. The "!page_table_present(mm, new_addr))" code just before
the "alloc_one_pte_map()" should already have done this, but while the
page tables themselves are safe due to us holding the mm semaphore, the
pte entry itself at "src" is not.

I hate that code, and your patch makes it even uglier. This code could do
with a real clean-up, but for now I think your patch will do.

Thanks,

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/