[PATCH] Fix /proc/pid/pagemap return length calculation
From: Dave Boutcher
Date: Sun Aug 05 2007 - 23:05:36 EST
/proc/pid/pagemap has a header (usually 8 bytes) the length
of which needs to be compensated for when converting from
proc file offset to page number. The calculation of the
starting page number (svpfn) compensates for this, but the
calculation of the ending page number (evpfn) does not, resulting
in reads returning 8 bytes more than were asked for and
nastily overwriting userspace memory.
Diffed against 2.6.23-rc1-mm2
Signed-off-by: Dave Boutcher <boutcher@xxxxxxxxxx>
---
fs/proc/task_mmu.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 4594f15..b2baeab 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -627,7 +627,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
addr = PAGE_SIZE * svpfn;
if ((svpfn + 1) * sizeof(unsigned long) != src)
goto out;
- evpfn = min((src + count) / sizeof(unsigned long),
+ evpfn = min((src + count) / sizeof(unsigned long) - 1,
((~0UL) >> PAGE_SHIFT) + 1);
count = (evpfn - svpfn) * sizeof(unsigned long);
end = PAGE_SIZE * evpfn;
--
1.4.4.2
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/