Sophie

kernel-2.6.18-238.el5.src.rpm

From: Eugene Teo <eugene@redhat.com>
Date: Sun, 7 Feb 2010 15:32:14 -0500
Subject: [mm] fix sys_move_pages infoleak
Message-id: <4B6EDCFE.3060504@redhat.com>
Patchwork-id: 23171
O-Subject: [RHEL5 PATCH] CVE-2010-0415 sys_move_pages infoleak
Bugzilla: 562590
CVE: CVE-2010-0415
RH-Acked-by: Amerigo Wang <amwang@redhat.com>
RH-Acked-by: Kyle McMartin <kmcmartin@redhat.com>
RH-Acked-by: David S. Miller <davem@redhat.com>

BZ#562590

CVE-2010-0415

Description of problem:
commit 6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri Feb 5 16:16:50 2010 -0800

     Fix potential crash with sys_move_pages

     We incorrectly depended on the 'node_state/node_isset()' functions
     testing the node range, rather than checking it explicitly.  That's
     not reliable, even if it might often happen to work.  So do the
     proper explicit test.

     Reported-by: Marcus Meissner <meissner@suse.de>
     Acked-and-tested-by: Brice Goglin <Brice.Goglin@inria.fr>
     Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
     Cc: stable@kernel.org
     Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Status: Not tested but obvious backport of the upstream patch.

Please review.

Thanks, Eugene

Signed-off-by: Jarod Wilson <jarod@redhat.com>

diff --git a/mm/migrate.c b/mm/migrate.c
index 2f454fd..7f9d835 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -952,6 +952,9 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages,
 				goto out;
 
 			err = -ENODEV;
+			if (node < 0 || node >= MAX_NUMNODES)
+				goto out;
+
 			if (!node_online(node))
 				goto out;
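
Review bot: The new range check `if (node < 0 || node >= MAX_NUMNODES)` sits after `err = -ENODEV;`, so an out-of-range node is reported to the caller with the same error as an offline node. That matches the quoted upstream commit, but a one-line comment above the check would help: it should say the explicit test has to come before `node_online(node)` because that helper is not relied on to validate the range. The `node < 0` half only has an effect if `node` is a signed type, which this hunk does not show, so confirm the declaration in the RHEL5 tree. The subject calls this an infoleak while the quoted upstream description speaks of a potential crash; a sentence in the message tying the two together would make the backport easier to audit. Since the status is "Not tested", a call passing a negative node and one passing a node at or above MAX_NUMNODES, both expecting -ENODEV, would cover the added lines.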