-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://www.securityfocus.com/bid/27694
Linux Kernel 'tmpfs' filesystem Local Security Vulnerability
Bugtraq ID: 27694
CVE: CVE-2007-6417
You can easily apply this patch manually with vi.
tmpfs was misconverted to __GFP_ZERO in 2.6.11. There's an unusual case in
which shmem_getpage receives the page from its caller instead of allocating.
We must cover this case by clear_highpage before SetPageUptodate, as before.
Signed-off-by: Hugh Dickins <[EMAIL PROTECTED]>
- ---
Desirable in 2.6.23-stable and 2.6.22-stable and 2.6.16-stable
(and any other 2.6-stable if not already at end of life).
mm/shmem.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
- --- 2.6.24-rc3-git/mm/shmem.c 2007-10-31 06:18:05.000000000 +0000
+++ linux/mm/shmem.c 2007-11-28 17:01:20.000000000 +0000
@@ -1072,7 +1072,7 @@ shmem_alloc_page(gfp_t gfp, struct shmem
pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
pvma.vm_pgoff = idx;
pvma.vm_end = PAGE_SIZE;
- - page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
+ page = alloc_page_vma(gfp, &pvma, 0);
mpol_free(pvma.vm_policy);
return page;
}
@@ -1093,7 +1093,7 @@ shmem_swapin(struct shmem_inode_info *in
static inline struct page *
shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
{
- - return alloc_page(gfp | __GFP_ZERO);
+ return alloc_page(gfp);
}
#endif
@@ -1306,6 +1306,7 @@ repeat:
info->alloced++;
spin_unlock(&info->lock);
+ clear_highpage(filepage);
flush_dcache_page(filepage);
SetPageUptodate(filepage);
}
Marty B.
- --
Putting Microsoft in a computer is like putting screen doors in a submarine.
Hopeless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFHulFwodd/GHZYnVQRAlbSAJ4iSXLREZV+8UYiEcFOakNJSuZrdQCgoEh7
THcsF5XWDAAT+J3IuzztZPk=
=3zYN
-----END PGP SIGNATURE-----
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
