Fix potential crash with sys_move_pages (CVE-2010-0415)
svn path=/dists/trunk/linux-2.6/; revision=15138
This commit is contained in:
parent
4ae828b4e7
commit
fa9f65f4b9
|
@ -5,6 +5,7 @@ linux-2.6 (2.6.32-8) UNRELEASED; urgency=low
|
|||
|
||||
[ dann frazier ]
|
||||
* KVM: PIT: control word is write-only (CVE-2010-0309)
|
||||
* Fix potential crash with sys_move_pages (CVE-2010-0415)
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* Build lgs8gxx driver along with cxusb (Closes: #568414)
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
commit 6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0
|
||||
Author: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Fri Feb 5 16:16:50 2010 -0800
|
||||
|
||||
Fix potential crash with sys_move_pages
|
||||
|
||||
We incorrectly depended on the 'node_state/node_isset()' functions
|
||||
testing the node range, rather than checking it explicitly. That's not
|
||||
reliable, even if it might often happen to work. So do the proper
|
||||
explicit test.
|
||||
|
||||
Reported-by: Marcus Meissner <meissner@suse.de>
|
||||
Acked-and-tested-by: Brice Goglin <Brice.Goglin@inria.fr>
|
||||
Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
|
||||
Cc: stable@kernel.org
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
|
||||
diff --git a/mm/migrate.c b/mm/migrate.c
|
||||
index efddbf0..9a0db5b 100644
|
||||
--- a/mm/migrate.c
|
||||
+++ b/mm/migrate.c
|
||||
@@ -912,6 +912,9 @@ static int do_pages_move(struct mm_struct *mm, struct task_struct *task,
|
||||
goto out_pm;
|
||||
|
||||
err = -ENODEV;
|
||||
+ if (node < 0 || node >= MAX_NUMNODES)
|
||||
+ goto out_pm;
|
||||
+
|
||||
if (!node_state(node, N_HIGH_MEMORY))
|
||||
goto out_pm;
|
||||
|
|
@ -8,3 +8,4 @@
|
|||
- bugfix/all/e1000e-enhance-fragment-detection.patch
|
||||
- bugfix/all/e1000-enhance-fragment-detection.patch
|
||||
+ bugfix/all/stable/2.6.32.8.patch
|
||||
+ bugfix/all/fix-potential-crash-with-sys_move_pages.patch
|
||||
|
|
Loading…
Reference in New Issue