diff options
| author | Paul Jackson <[email protected]> | 2007-06-16 10:16:01 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2007-06-16 13:16:15 -0700 |
| commit | 3e903e7b1605aff88d7f89a96fab5e43081b914f (patch) | |
| tree | ae35423c1643689f27734005f39cebe52773962d /include/linux/debugobjects.h | |
| parent | d6f8bb1310d4745ff1d0c74eeacae31e2a3eeff1 (diff) | |
cpuset: zero malloc - fix for old cpusets
The cpuset code to present a list of tasks using a cpuset to user space could
write to an array that it had kmalloc'd, after a kmalloc request of zero size.
The problem was that the code didn't check for writes past the allocated end
of the array until -after- the first write.
This is a race condition that is likely rare -- it would only show up if a
cpuset went from being empty to having a task in it, during the brief time
between the allocation and the first write.
Prior to roughly 2.6.22 kernels, this was also a benign problem, because a
zero kmalloc returned a few usable bytes anyway, and no harm was done with the
bogus write.
With the 2.6.22 kernel changes to make issue a warning if code tries to write
to the location returned from a zero size allocation, this problem is no
longer benign. This cpuset code would occassionally trigger that warning.
The fix is trivial -- check before storing into the array, not after, whether
the array is big enough to hold the store.
Cc: "Eric W. Biederman" <[email protected]>
Cc: "Serge E. Hallyn" <[email protected]>
Cc: Balbir Singh <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Herbert Poetzl <[email protected]>
Cc: Kirill Korotaev <[email protected]>
Cc: Paul Menage <[email protected]>
Cc: Srivatsa Vaddagiri <[email protected]>
Cc: Christoph Lameter <[email protected]>
Signed-off-by: Paul Jackson <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'include/linux/debugobjects.h')
0 files changed, 0 insertions, 0 deletions