提交 4a3b98a4 编写于 作者: R Rafael J. Wysocki 提交者: Linus Torvalds

[PATCH] swsusp: prevent possible image corruption on resume

The function free_pagedir() used by swsusp for freeing its internal data
structures clears the PG_nosave and PG_nosave_free flags for each page
being freed.

However, during resume PG_nosave_free set means that the page in
question is "unsafe" (ie.  it will be overwritten in the process of
restoring the saved system state from the image), so it should not be
used for the image data.

Therefore free_pagedir() should not clear PG_nosave_free if it's called
during resume (otherwise "unsafe" pages freed by it may be used for
storing the image data and the data may get corrupted later on).
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
Acked-by: NPavel Machek <pavel@ucw.cz>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
上级 8db08de4
...@@ -240,14 +240,15 @@ static void copy_data_pages(struct pbe *pblist) ...@@ -240,14 +240,15 @@ static void copy_data_pages(struct pbe *pblist)
* free_pagedir - free pages allocated with alloc_pagedir() * free_pagedir - free pages allocated with alloc_pagedir()
*/ */
static void free_pagedir(struct pbe *pblist) static void free_pagedir(struct pbe *pblist, int clear_nosave_free)
{ {
struct pbe *pbe; struct pbe *pbe;
while (pblist) { while (pblist) {
pbe = (pblist + PB_PAGE_SKIP)->next; pbe = (pblist + PB_PAGE_SKIP)->next;
ClearPageNosave(virt_to_page(pblist)); ClearPageNosave(virt_to_page(pblist));
ClearPageNosaveFree(virt_to_page(pblist)); if (clear_nosave_free)
ClearPageNosaveFree(virt_to_page(pblist));
free_page((unsigned long)pblist); free_page((unsigned long)pblist);
pblist = pbe; pblist = pbe;
} }
...@@ -389,7 +390,7 @@ struct pbe *alloc_pagedir(unsigned int nr_pages, gfp_t gfp_mask, int safe_needed ...@@ -389,7 +390,7 @@ struct pbe *alloc_pagedir(unsigned int nr_pages, gfp_t gfp_mask, int safe_needed
pbe->next = alloc_image_page(gfp_mask, safe_needed); pbe->next = alloc_image_page(gfp_mask, safe_needed);
} }
if (!pbe) { /* get_zeroed_page() failed */ if (!pbe) { /* get_zeroed_page() failed */
free_pagedir(pblist); free_pagedir(pblist, 1);
pblist = NULL; pblist = NULL;
} else } else
create_pbe_list(pblist, nr_pages); create_pbe_list(pblist, nr_pages);
...@@ -736,7 +737,7 @@ static int create_image(struct snapshot_handle *handle) ...@@ -736,7 +737,7 @@ static int create_image(struct snapshot_handle *handle)
pblist = alloc_pagedir(nr_copy_pages, GFP_ATOMIC, 1); pblist = alloc_pagedir(nr_copy_pages, GFP_ATOMIC, 1);
if (pblist) if (pblist)
copy_page_backup_list(pblist, p); copy_page_backup_list(pblist, p);
free_pagedir(p); free_pagedir(p, 0);
if (!pblist) if (!pblist)
error = -ENOMEM; error = -ENOMEM;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册