Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=55a230aae650157720becc09cadb7d10efbf5013
Commit:     55a230aae650157720becc09cadb7d10efbf5013
Parent:     8f731f7d83d6c6a3eeb32cce79bfcddbf7fac8cc
Author:     Paul Jackson <[EMAIL PROTECTED]>
AuthorDate: Thu Oct 18 23:39:28 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Fri Oct 19 11:53:35 2007 -0700

    cpuset: zero malloc - revert the old cpuset fix
    
    The cpuset code to present a list of tasks using a cpuset to user space could
    write to an array that it had kmalloc'd, after a kmalloc request of zero size.
    
    The problem was that the code didn't check for writes past the allocated end
    of the array until -after- the first write.
    
    This is a race condition that is likely rare -- it would only show up if a
    cpuset went from being empty to having a task in it, during the brief time
    between the allocation and the first write.
    
    Prior to roughly 2.6.22 kernels, this was also a benign problem, because a
    zero kmalloc returned a few usable bytes anyway, and no harm was done with the
    bogus write.
    
    With the 2.6.22 kernel changes to issue a warning if code tries to write
    to the location returned from a zero size allocation, this problem is no
    longer benign.  This cpuset code would occasionally trigger that warning.
    
    The fix is trivial -- check before storing into the array, not after, whether
    the array is big enough to hold the store.
    
    Cc: "Eric W. Biederman" <[EMAIL PROTECTED]>
    Cc: "Serge E. Hallyn" <[EMAIL PROTECTED]>
    Cc: Balbir Singh <[EMAIL PROTECTED]>
    Cc: Dave Hansen <[EMAIL PROTECTED]>
    Cc: Herbert Poetzl <[EMAIL PROTECTED]>
    Cc: Kirill Korotaev <[EMAIL PROTECTED]>
    Cc: Paul Menage <[EMAIL PROTECTED]>
    Cc: Srivatsa Vaddagiri <[EMAIL PROTECTED]>
    Cc: Christoph Lameter <[EMAIL PROTECTED]>
    Signed-off-by: Paul Jackson <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
---
 kernel/cpuset.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 64950fa..a40a2c4 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1638,9 +1638,9 @@ static int pid_array_load(pid_t *pidarray, int npids, 
struct cpuset *cs)
 
        do_each_thread(g, p) {
                if (p->cpuset == cs) {
+                       pidarray[n++] = p->pid;
                        if (unlikely(n == npids))
                                goto array_full;
-                       pidarray[n++] = p->pid;
                }
        } while_each_thread(g, p);
 
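Review bot: In the do_each_thread loop of pid_array_load(), the store "pidarray[n++] = p->pid;" now precedes the "if (unlikely(n == npids))" test, so when npids is 0 the first matching task is written to pidarray[0] before any bound is checked, which is the zero-size-allocation write the commit message describes. Because the test is an equality, n is already 1 after that first store and never equals 0, so the loop would not reach array_full and would keep storing for every further matching task. The message body still explains the original fix ("check before storing into the array, not after") rather than the revert; it should say what now guarantees that pidarray has room for at least one entry when this function runs, or the check should stay ahead of the store.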