mirror of
https://github.com/brain-hackers/linux-brain.git
synced 2024-06-09 23:36:23 +09:00
mm/pagewalk.c: report holes in hugetlb ranges
commit373c4557d2
upstream. This matters at least for the mincore syscall, which will otherwise copy uninitialized memory from the page allocator to userspace. It is probably also a correctness error for /proc/$pid/pagemap, but I haven't tested that. Removing the `walk->hugetlb_entry` condition in walk_hugetlb_range() has no effect because the caller already checks for that. This only reports holes in hugetlb ranges to callers who have specified a hugetlb_entry callback. This issue was found using an AFL-based fuzzer. v2: - don't crash on ->pte_hole==NULL (Andrew Morton) - add Cc stable (Andrew Morton) Fixes:1e25a271c8
("mincore: apply page table walker on do_mincore()") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
3594216fc6
commit
bbce81fc96
|
@ -188,8 +188,12 @@ static int walk_hugetlb_range(unsigned long addr, unsigned long end,
|
|||
do {
|
||||
next = hugetlb_entry_end(h, addr, end);
|
||||
pte = huge_pte_offset(walk->mm, addr & hmask, sz);
|
||||
if (pte && walk->hugetlb_entry)
|
||||
|
||||
if (pte)
|
||||
err = walk->hugetlb_entry(pte, hmask, addr, next, walk);
|
||||
else if (walk->pte_hole)
|
||||
err = walk->pte_hole(addr, next, walk);
|
||||
|
||||
if (err)
|
||||
break;
|
||||
} while (addr = next, addr != end);
|
||||
|
|
Loading…
Reference in New Issue
Block a user