OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/mm
History
Linus Torvalds 94ad374a07 Fix off-by-one error in iov_iter_advance() 
The iov_iter_advance() function would look at the iov->iov_len entry
even though it might have iterated over the whole array, and iov was
pointing past the end.  This would cause DEBUG_PAGEALLOC to trigger a
kernel page fault if the allocation was at the end of a page, and the
next page was unallocated.

The quick fix is to just change the order of the tests: check that there
is any iovec data left before we check the iov entry itself.

Thanks to Alexey Dobriyan for finding this case, and testing the fix.

Reported-and-tested-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: <stable@kernel.org> [2.6.25.x, 2.6.26.x]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2008-07-30 14:50:18 -07:00
..
Kconfig mmu-notifiers: core 2008-07-28 16:30:21 -07:00
Makefile mmu-notifiers: core 2008-07-28 16:30:21 -07:00
allocpercpu.c mm/allocpercpu.c: make 4 functions static 2008-07-26 12:00:12 -07:00
backing-dev.c
bootmem.c bootmem: replace node_boot_start in struct bootmem_data 2008-07-24 10:47:20 -07:00
bounce.c
dmapool.c
fadvise.c
filemap.c Fix off-by-one error in iov_iter_advance() 2008-07-30 14:50:18 -07:00
filemap_xip.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
fremap.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
highmem.c
hugetlb.c mm/hugetlb.c must #include <asm/io.h> 2008-07-28 16:30:21 -07:00
internal.h
maccess.c
madvise.c madvise: update function comment of madvise_dontneed 2008-07-30 09:41:45 -07:00
memcontrol.c memcg: remove redundant check in move_task() 2008-07-30 09:41:44 -07:00
memory.c GRU Driver: export is_uv_system(), zap_page_range() & follow_page() 2008-07-30 09:41:48 -07:00
memory_hotplug.c memory-hotplug: add sysfs removable attribute for hotplug memory remove 2008-07-24 10:47:21 -07:00
mempolicy.c
mempool.c
migrate.c mm: spinlock tree_lock 2008-07-26 12:00:06 -07:00
mincore.c
mlock.c
mm_init.c
mmap.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
mmu_notifier.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
mmzone.c
mprotect.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
mremap.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
msync.c
nommu.c tracehook: tracehook_expect_breakpoints 2008-07-26 12:00:09 -07:00
oom_kill.c
page-writeback.c mm: spinlock tree_lock 2008-07-26 12:00:06 -07:00
page_alloc.c mm: remove find_max_pfn_with_active_regions 2008-07-30 09:41:44 -07:00
page_io.c
page_isolation.c
pagewalk.c
pdflush.c pdflush: use time_after() instead of open-coding it 2008-07-25 10:53:28 -07:00
prio_tree.c
quicklist.c
readahead.c mm: readahead scan lockless 2008-07-26 12:00:06 -07:00
rmap.c mmu-notifiers: core 2008-07-28 16:30:21 -07:00
shmem.c tmpfs: fix kernel BUG in shmem_delete_inode 2008-07-28 16:30:20 -07:00
shmem_acl.c [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
slab.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
slob.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
slub.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
sparse-vmemmap.c
sparse.c make mm/sparse.c: make a function static 2008-07-26 12:00:12 -07:00
swap.c swap: update function comment of release_pages 2008-07-30 09:41:46 -07:00
swap_state.c mm: print swapcache page count in show_swap_cache_info() 2008-07-26 12:00:10 -07:00
swapfile.c swapfile/vmscan: update comments related to vmscan functions 2008-07-30 09:41:46 -07:00
thrash.c
tiny-shmem.c
truncate.c mm: spinlock tree_lock 2008-07-26 12:00:06 -07:00
util.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-07-26 20:17:56 -07:00
vmalloc.c Use WARN() in mm/vmalloc.c 2008-07-26 12:00:07 -07:00
vmscan.c do_try_to_free_page: update comments related to vmscan functions 2008-07-30 09:41:46 -07:00
vmstat.c