rpms/kernel/F-12 fix-crash-with-sys_move_pages.patch, NONE, 1.1.2.1 kernel.spec, 1.1960.2.10, 1.1960.2.11

Kyle McMartin kyle at fedoraproject.org
Sun Feb 7 03:16:17 UTC 2010 

Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5782

Modified Files:
      Tag: private-fedora-12-2_6_31
	kernel.spec 
Added Files:
      Tag: private-fedora-12-2_6_31
	fix-crash-with-sys_move_pages.patch 
Log Message:
* Sat Feb 06 2010 Kyle McMartin <kyle at redhat.com> 2.6.31.12-174.2.11
- fix-crash-with-sys_move_pages.patch: sys_move_pages doesn't bounds
  check the node properly.


fix-crash-with-sys_move_pages.patch:
 migrate.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- NEW FILE fix-crash-with-sys_move_pages.patch ---
>From 86d58ef0dbcf94917ef0f00b1070f9b3e84e9d0b Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds at linux-foundation.org>
Date: Fri, 5 Feb 2010 16:16:50 -0800
Subject: Fix potential crash with sys_move_pages

We incorrectly depended on the 'node_state/node_isset()' functions
testing the node range, rather than checking it explicitly.  That's not
reliable, even if it might often happen to work.  So do the proper
explicit test.

Reported-by: Marcus Meissner <meissner at suse.de>
Acked-and-tested-by: Brice Goglin <Brice.Goglin at inria.fr>
Acked-by: Hugh Dickins <hugh.dickins at tiscali.co.uk>
Cc: stable at kernel.org
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
---
 mm/migrate.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/mm/migrate.c b/mm/migrate.c
index 598abad..eebfb79 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -937,6 +937,9 @@ static int do_pages_move(struct mm_struct *mm, struct task_struct *task,
 				goto out_pm;
 
 			err = -ENODEV;
+			if (node < 0 || node >= MAX_NUMNODES)
+				goto out_pm;
+
 			if (!node_state(node, N_HIGH_MEMORY))
 				goto out_pm;
 
-- 
1.6.6



Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-12/kernel.spec,v
retrieving revision 1.1960.2.10
retrieving revision 1.1960.2.11
diff -u -p -r1.1960.2.10 -r1.1960.2.11
--- kernel.spec	7 Feb 2010 02:04:20 -0000	1.1960.2.10
+++ kernel.spec	7 Feb 2010 03:16:17 -0000	1.1960.2.11
@@ -825,6 +825,8 @@ Patch16535: powerpc-tif_abi_pending-bit-
 # cve-2010-0410
 Patch16540: connector-delete-buggy-notification-code.patch
 
+Patch16550: fix-crash-with-sys_move_pages.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1541,6 +1543,8 @@ ApplyPatch powerpc-tif_abi_pending-bit-r
 # cve-2010-0410
 ApplyPatch connector-delete-buggy-notification-code.patch
 
+ApplyPatch fix-crash-with-sys_move_pages.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2190,6 +2194,10 @@ fi
 # and build.
 
 %changelog
+* Sat Feb 06 2010 Kyle McMartin <kyle at redhat.com> 2.6.31.12-174.2.11
+- fix-crash-with-sys_move_pages.patch: sys_move_pages doesn't bounds
+  check the node properly.
+
 * Sat Feb 06 2010 Chuck Ebbert <cebbert at redhat.com>  2.6.31.12-174.2.10
 - CVE-2010-0410 kernel: OOM/crash in drivers/connector

More information about the scm-commits mailing list