Commit-ID: ce2ae53b750abfaa012ce408e93da131a5b5649b Gitweb: http://git.kernel.org/tip/ce2ae53b750abfaa012ce408e93da131a5b5649b Author: Sonny Rao <sonnyrao@xxxxxxxxxx> AuthorDate: Fri, 10 Jul 2009 18:13:13 -0500 Committer: Ingo Molnar <mingo@xxxxxxx> CommitDate: Sat, 11 Jul 2009 12:40:44 +0200 futexes: Fix infinite loop in get_futex_key() on huge page get_futex_key() can infinitely loop if it is called on a virtual address that is within a huge page but not aligned to the beginning of that page. The call to get_user_pages_fast will return the struct page for a sub-page within the huge page and the check for page->mapping will always fail. The fix is to call compound_head on the page before checking that it's mapped. Signed-off-by: Sonny Rao <sonnyrao@xxxxxxxxxx> Acked-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: stable@xxxxxxxxxx Cc: anton@xxxxxxxxx Cc: rajamony@xxxxxxxxxx Cc: speight@xxxxxxxxxx Cc: mstephen@xxxxxxxxxx Cc: grimm@xxxxxxxxxx Cc: mikey@xxxxxxxxxxxxxxxxx LKML-Reference: <20090710231313.GA23572@xxxxxxxxxx> Signed-off-by: Ingo Molnar <mingo@xxxxxxx> --- kernel/futex.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/kernel/futex.c b/kernel/futex.c index 794c862..0672ff8 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -247,6 +247,7 @@ again: if (err < 0) return err; + page = compound_head(page); lock_page(page); if (!page->mapping) { unlock_page(page);
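
Review bot: The added `page = compound_head(page);` ahead of `lock_page(page)` carries no comment, so the code itself does not say why the head page is needed; a one-line comment above it, noting that the lookup can return a sub-page of a huge page for which the `!page->mapping` check never passes, would keep the line from being dropped later as redundant. Because `page` is overwritten, every later use in this function now sees the head page, including the `unlock_page(page)` in the `!page->mapping` path and whatever releases the reference before retrying at `again:`; it is worth stating in the changelog that the reference drop on the head page is intended.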