Thread: 9 messages, 3 authors, 2004-02-19

Re: [PATCH] mremap NULL pointer dereference fix

From: Linus Torvalds <torvalds@osdl.org>
Date: 2004-02-17 05:38:34
Also in: lkml

On Mon, 16 Feb 2004, Rajesh Venkatasubramanian wrote:
> This patch fixes a NULL pointer dereference bug in mremap. In
> move_one_page we need to re-check the src because an allocation
> for the dst page table can drop page_table_lock, and somebody
> else can invalidate the src.

Ugly, but yes. The "!page_table_present(mm, new_addr))" code just before
the "alloc_one_pte_map()" should already have done this, but while the 
page tables themselves are safe due to us holding the mm semaphore, the 
pte entry itself at "src" is not.

I hate that code, and your patch makes it even uglier. This code could do 
with a real clean-up, but for now I think your patch will do.

Thanks,

		Linus
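
The race discussed in this message, as an added example that is not part of the original mail or the kernel patch: a single-threaded toy model in C in which a callback stands in for the other thread that runs while the allocation has dropped the lock. All names (`toy_mm`, `alloc_dst`, `move_one`, `run_case`) are hypothetical and the sample value 42 is constructed.

```c
#include <stddef.h>

/* Toy single-threaded model; every name here is hypothetical. */
struct toy_mm {
    int lock_held;                  /* stands in for page_table_lock */
    long *src_pte;                  /* NULL once the source is invalidated */
    long dst_pte;
    int dst_table_present;          /* 0: dst page table must be allocated */
    void (*racer)(struct toy_mm *); /* models "somebody else" */
};
static void invalidate_src(struct toy_mm *mm) { mm->src_pte = NULL; }
/* Allocating may sleep, so the lock is dropped and the racer can run. */
static long *alloc_dst(struct toy_mm *mm)
{
    if (!mm->dst_table_present) {
        mm->lock_held = 0;
        if (mm->racer) mm->racer(mm);
        mm->lock_held = 1;
        mm->dst_table_present = 1;
    }
    return &mm->dst_pte;
}
/* Returns 1 if an entry was moved, 0 if there was nothing left to move. */
static int move_one(struct toy_mm *mm)
{
    int moved = 0;
    mm->lock_held = 1;
    long *src = mm->src_pte;
    if (src) {
        long *dst = alloc_dst(mm);
        src = mm->src_pte;          /* re-check: lock may have been dropped */
        if (src) {
            *dst = *src;
            *src = 0;
            moved = 1;
        }
    }
    mm->lock_held = 0;
    return moved;
}
/* Constructed scenario: source holds 42; optionally race the allocation. */
static int run_case(int with_racer, long *dst_out)
{
    long entry = 42;
    struct toy_mm mm = { 0, &entry, 0, 0, with_racer ? invalidate_src : NULL };
    int moved = move_one(&mm);
    *dst_out = mm.dst_pte;
    return moved;
}
```

Without the second read of `mm->src_pte`, the raced case would write through a pointer that was fetched before the lock was dropped and is no longer valid.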