Revision 955eff5acc8b8cd1c7d4eec0229c35eaabe013db authored by Nick Piggin on 20 February 2007, 21:58:08 UTC, committed by Linus Torvalds on 21 February 2007, 01:10:15 UTC
simple_prepare_write leaks uninitialised kernel data. This happens because the it leaves an uninitialised "hole" over the part of the page that the write is expected to go to. This is fine, but it then marks the page uptodate, which means a concurrent read can come in and copy the uninitialised memory into userspace before it written to. Fix it by simply marking it uptodate in simple_commit_write instead, after the hole has been filled in. This could theoretically break an fs that uses simple_prepare_write and not simple_commit_write, and that relies on the incorrect simple_prepare_write behaviour. Luckily, none of those exists in the tree. Signed-off-by: Nick Piggin <npiggin@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent c066332
| File | Mode | Size |
|---|---|---|
| keys | ||
| selinux | ||
| Kconfig | -rw-r--r-- | 3.2 KB |
| Makefile | -rw-r--r-- | 556 bytes |
| capability.c | -rw-r--r-- | 2.8 KB |
| commoncap.c | -rw-r--r-- | 9.4 KB |
| dummy.c | -rw-r--r-- | 25.8 KB |
| inode.c | -rw-r--r-- | 9.2 KB |
| root_plug.c | -rw-r--r-- | 3.9 KB |
| security.c | -rw-r--r-- | 5.4 KB |
Computing file changes ...
