From: Dominique Martinet <asmadeus@xxxxxxxxxxxxx> Subject: fs/proc/kcore.c: fix invalid memory access in multi-page read optimization The 'm' kcore_list item could point to kclist_head, and it is incorrect to look at m->addr / m->size in this case. There is no choice but to run through the list of entries for every address if we did not find any entry in the previous iteration Reset 'm' to NULL in that case at Omar Sandoval's suggestion. [akpm@xxxxxxxxxxxxxxxxxxxx: add comment] Link: http://lkml.kernel.org/r/1536100702-28706-1-git-send-email-asmadeus@xxxxxxxxxxxxx Fixes: bf991c2231117 ("proc/kcore: optimize multiple page reads") Signed-off-by: Dominique Martinet <asmadeus@xxxxxxxxxxxxx> Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Cc: Omar Sandoval <osandov@xxxxxxxxxxx> Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx> Cc: Eric Biederman <ebiederm@xxxxxxxxxxxx> Cc: James Morse <james.morse@xxxxxxx> Cc: Bhupesh Sharma <bhsharma@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- diff -puN fs/proc/kcore.c~proc-kcore-fix-invalid-memory-access-in-multi-page-read-optimization-v3 fs/proc/kcore.c --- a/fs/proc/kcore.c~proc-kcore-fix-invalid-memory-access-in-multi-page-read-optimization-v3 +++ a/fs/proc/kcore.c @@ -464,6 +464,7 @@ read_kcore(struct file *file, char __use ret = -EFAULT; goto out; } + m = NULL; /* skip the list anchor */ } else if (m->type == KCORE_VMALLOC) { vread(buf, (char *)start, tsz); /* we have to zero-fill user buffer even if no read */ _
