grow_buffers() infinite loop fix (CVE-2006-5757/CVE-2006-6060)
commit d9be428145481c9c23e02e25a49205fc9def5d36
author Andrew Morton <akpm@osdl.org>
Tue, 9 Jan 2007 02:23:15 +0000 (9 03:23 +0100)
committer Adrian Bunk <bunk@stusta.de>
Tue, 9 Jan 2007 02:23:15 +0000 (9 03:23 +0100)
tree 75a9bce9c079f5a2d37277462fe31b51a0fd94ed
parent 09d9056ce65466da2a4634c62fcfecfa70fc9605
grow_buffers() infinite loop fix (CVE-2006-5757/CVE-2006-6060)

If grow_buffers() is for some reason passed a block number which wants to lie
outside the maximum-addressable pagecache range (PAGE_SIZE * 4G bytes) then it
will accidentally truncate `index' and will then instantiate a page at the
wrong pagecache offset.  This causes __getblk_slow() to go into an infinite
loop.

This can happen with corrupted disks, or with software errors elsewhere.

Detect that, and handle it.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
fs/buffer.c
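
The truncation the commit message describes, as an added user-space example (not code from this commit or from fs/buffer.c): it shows why a page created at the truncated index can never satisfy the lookup, and one way to detect the truncation. The `demo_` names, the 32-bit index type, the 4096-byte page size and the sample block number are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define DEMO_PAGE_SIZE 4096u     /* assumed page size */
typedef uint64_t demo_sector_t;  /* models a 64-bit block number */
typedef uint32_t demo_pgoff_t;   /* models a 32-bit pagecache index (assumption) */

/* Shift that turns a block number into a page index for this block size. */
static unsigned demo_sizebits(unsigned blocksize)
{
    unsigned bits = 0;
    while ((blocksize << bits) < DEMO_PAGE_SIZE)
        bits++;
    return bits;
}

/* Unchecked conversion: the cast silently drops the high bits of the index. */
static demo_pgoff_t demo_index_unchecked(demo_sector_t block, unsigned blocksize)
{
    return (demo_pgoff_t)(block >> demo_sizebits(blocksize));
}

/* Checked conversion: 0 and *out set on success, -1 if the index was truncated. */
static int demo_index_checked(demo_sector_t block, unsigned blocksize, demo_pgoff_t *out)
{
    demo_sector_t wide = block >> demo_sizebits(blocksize);
    if ((demo_sector_t)(demo_pgoff_t)wide != wide)
        return -1;
    *out = (demo_pgoff_t)wide;
    return 0;
}

/* Would a page created at `index` contain the buffer for `block`? */
static int demo_page_covers(demo_pgoff_t index, demo_sector_t block, unsigned blocksize)
{
    unsigned bits = demo_sizebits(blocksize);
    demo_sector_t first = (demo_sector_t)index << bits;
    return block >= first && block < first + ((demo_sector_t)1 << bits);
}

int main(void)
{
    demo_sector_t bad = ((demo_sector_t)1 << 34) + 5;  /* constructed out-of-range block */
    demo_pgoff_t idx = demo_index_unchecked(bad, 1024);
    /* The page lands at index 1 (blocks 4..7), so a lookup for `bad` can never hit. */
    printf("unchecked index=%u covers=%d\n", (unsigned)idx, demo_page_covers(idx, bad, 1024));
    printf("checked(bad)=%d\n", demo_index_checked(bad, 1024, &idx));
    return 0;
}
```

A caller that retries "create page, then look up the block" until the lookup succeeds never exits in the unchecked case, which is the infinite loop the commit message refers to.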