On Tue, 9 Aug 2022 at 2:14, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, 15 Jul 2022 14:50:13 +0200 Maurizio Lombardi <mlombard@xxxxxxxxxx> wrote:
>
> > A number of drivers call page_frag_alloc() with a
> > fragment's size > PAGE_SIZE.
> > In low memory conditions, __page_frag_cache_refill() may fail the order 3
> > cache allocation and fall back to order 0;
> > In this case, the cache will be smaller than the fragment, causing
> > memory corruptions.
> >
> > Prevent this from happening by checking if the newly allocated cache
> > is large enough for the fragment; if not, the allocation will fail
> > and page_frag_alloc() will return NULL.
>
> Can we come up with a Fixes: for this?

I think the bug has been introduced in kernel 3.19-rc1

Fixes: ffde7328a36d16e626bae8468571858d71cd010b

>
> Should this fix be backported into -stable kernels?

Yes, IMO this should be backported to -stable

Thanks,
Maurizio
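The failure mode described in the quoted commit message, as an added userspace model that is not part of the original mail and is not the kernel's code. The struct, the function names, the 4096-byte page size and the downward-carving offset are assumptions of this sketch; `check_size` switches on the size check the commit message describes.

```c
#include <stdio.h>
#define PAGE_SIZE 4096L   /* assumed page size for this model */
#define CACHE_ORDER 3     /* preferred cache order named in the commit message */

enum frag_result { FRAG_OK, FRAG_NULL, FRAG_OUT_OF_BOUNDS };
/* Simplified userspace model of a fragment cache (hypothetical names). */
struct frag_cache_model {
    long size;    /* bytes backing the cache, 0 while empty */
    long offset;  /* fragments are carved downwards from here */
};

/* Refill: order 3 normally, order 0 when the model is told memory is low. */
static void model_refill(struct frag_cache_model *nc, int low_memory)
{
    nc->size = low_memory ? PAGE_SIZE : (PAGE_SIZE << CACHE_ORDER);
    nc->offset = nc->size;
}

/* Carve fragsz bytes; a negative start lies before the cache buffer. */
static enum frag_result model_frag_alloc(struct frag_cache_model *nc, long fragsz,
                                         int low_memory, int check_size)
{
    long start;
    if (nc->size == 0)
        model_refill(nc, low_memory);
    start = nc->offset - fragsz;
    if (start < 0) {                       /* cache used up: start a new one */
        model_refill(nc, low_memory);
        start = nc->size - fragsz;
        if (check_size && start < 0)
            return FRAG_NULL;              /* new cache too small: fail cleanly */
    }
    nc->offset = start;
    return start < 0 ? FRAG_OUT_OF_BOUNDS : FRAG_OK;
}

/* One allocation from an empty cache, used by main() below. */
static enum frag_result fresh_alloc(long fragsz, int low_memory, int check_size)
{
    struct frag_cache_model nc = { 0, 0 };
    return model_frag_alloc(&nc, fragsz, low_memory, check_size);
}

int main(void)
{
    printf("8192 B from order 0: unchecked=%d checked=%d\n", (int)fresh_alloc(8192, 1, 0), (int)fresh_alloc(8192, 1, 1));
    return 0;
}
```

In the model, an 8192-byte request against an order 0 cache yields a start offset of -4096 without the check and a clean failure with it.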