On Fri, Aug 9, 2013 at 8:49 PM, yonghua zheng <younghua.zheng@xxxxxxxxx> wrote: > Update the patch according to Naoya's comment, I also run > ./scripts/checkpatch.pl, and it passed ;D. > > From 96826b0fdf9ec6d6e16c2c595f371dbb841250f7 Mon Sep 17 00:00:00 2001 > From: Yonghua Zheng <younghua.zheng@xxxxxxxxx> > Date: Mon, 5 Aug 2013 12:12:24 +0800 > Subject: [PATCH 1/1] pagemap: fix buffer overflow in add_to_pagemap() > > In struc pagemapread: > > struct pagemapread { > int pos, len; > pagemap_entry_t *buffer; > bool v2; > }; > > pos is number of PM_ENTRY_BYTES in buffer, but len is the size of buffer, > it is a mistake to compare pos and len in add_to_pagemap() for checking > buffer is full or not, and this can lead to buffer overflow and random > kernel panic issue. > > Correct len to be total number of PM_ENTRY_BYTES in buffer. > > Signed-off-by: Yonghua Zheng <younghua.zheng@xxxxxxxxx> Acked-by: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx> -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>