[PATCH] Fix crash when ptrace poking hugepage areas

set_page_dirty() will not cope with being handed a page * which is part of a compound page, but not the master page in that compound page. This case can occur via access_process_vm() if you attemp to write to another process's hugepage memory area using ptrace() (causing an oops or hang). This patch fixes the bug by only calling set_page_dirty() from access_process_vm() if the page is not a compound page. We already use a similar fix in bio_set_pages_dirty() for the case of direct io to hugepages. Signed-off-by: N David Gibson <david@gibson.dropbear.id.au> Acked-by: N William Irwin <wli@holomorphy.com> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] Fix crash when ptrace poking hugepage areas
set_page_dirty() will not cope with being handed a page * which is part of a compound page, but not the master page in that compound page. This case can occur via access_process_vm() if you attemp to write to another process's hugepage memory area using ptrace() (causing an oops or hang). This patch fixes the bug by only calling set_page_dirty() from access_process_vm() if the page is not a compound page. We already use a similar fix in bio_set_pages_dirty() for the case of direct io to hugepages. Signed-off-by: N David Gibson <david@gibson.dropbear.id.au> Acked-by: N William Irwin <wli@holomorphy.com> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
5bd0190b · David Gibson · Linus Torvalds · df69a60d · 5bd0190b
显示空白变更内容
内联并排

Showing with 2 addition and 1 deletion

kernel/ptrace.c kernel/ptrace.c +2 -1

未找到文件。
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -241,6 +241,7 @@ int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, in
 		if (write) {
 			copy_to_user_page(vma, page, addr,
 					  maddr + offset, buf, bytes);
+			if (!PageCompound(page))
 				set_page_dirty_lock(page);
 		} else {
 			copy_from_user_page(vma, page, addr,