The buffer count is not initialized when a new buffer is allocated.
It cause kernel crash with "Unable to handle kernel paging
request..." error in __copy_to_user_std(). It happens when a
memory allocation failure in the while(1)-loop, which left the
buffer count (m->count) is larger than buffer size
(m->size).
This patch is currently against a linux 3.12 kernel
Signed-off-by: Charley Chu charley.chu@xxxxxxxxxxxx
---
diff --git a/fs/seq_file.c b/fs/seq_file.c
index 1cd2388..480a341 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -191,6 +191,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
/* grab buffer if we didn't have one */
if (!m->buf) {
+ m->count = m->from = 0;
m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
if (!m->buf)
goto Enomem;
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
