grow_buffers() infinite loop fix (CVE-2006-5757, CVE-2006-6060)
commit 0fc7b9055c2069bdb2fae508cefaeef4d26f86aa
author Andrew Morton <akpm@osdl.org>
Sat, 30 Dec 2006 23:23:35 +0000 (30 18:23 -0500)
committer Greg Kroah-Hartman <gregkh@suse.de>
Fri, 23 Feb 2007 23:49:51 +0000 (23 15:49 -0800)
tree b6e61415aba35b9b9ef0b8cf8559d92c427b3d64
parent 6ce115c0d888086716aef2b4b3cd702d3b4f060d
grow_buffers() infinite loop fix (CVE-2006-5757, CVE-2006-6060)

If grow_buffers() is for some reason passed a block number which wants to lie
outside the maximum-addressable pagecache range (PAGE_SIZE * 4G bytes) then it
will accidentally truncate `index' and will then instantiate a page at the
wrong pagecache offset.  This causes __getblk_slow() to go into an infinite
loop.

This can happen with corrupted disks, or with software errors elsewhere.

Detect that, and handle it.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fs/buffer.c
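
The truncation described in the commit message, as an added userspace model (not the kernel's code and not part of this commit): it shows the narrowed index pointing at a page that does not cover the requested block, and a check that rejects such a block. The `model_*` names, the 64-bit block type, the 32-bit index type, the 4 KiB page size and the sample block numbers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model types: 64-bit block numbers and a 32-bit pagecache index,
 * matching the "PAGE_SIZE * 4G bytes" limit in the commit message. */
typedef uint64_t model_sector_t;
typedef uint32_t model_pgoff_t;
#define MODEL_PAGE_SHIFT 12u /* assumed 4 KiB pages */

/* Unchecked conversion: the narrowing cast silently drops the high bits. */
model_pgoff_t model_index_unchecked(model_sector_t block, unsigned blkbits)
{
    return (model_pgoff_t)(block >> (MODEL_PAGE_SHIFT - blkbits));
}

/* Checked conversion: 0 on success, -1 if the block lies outside the
 * range a 32-bit index can address. Comparison is done in the wide type. */
int model_index_checked(model_sector_t block, unsigned blkbits,
                        model_pgoff_t *out)
{
    model_sector_t wide = block >> (MODEL_PAGE_SHIFT - blkbits);
    model_pgoff_t index = (model_pgoff_t)wide;

    if ((model_sector_t)index != wide)
        return -1; /* truncated: refuse instead of using a wrong page */
    *out = index;
    return 0;
}

/* Does the page at `index` hold `block`? A lookup that is retried after
 * instantiating the wrong page keeps getting 0 here. */
int model_page_covers(model_pgoff_t index, model_sector_t block,
                      unsigned blkbits)
{
    unsigned sizebits = MODEL_PAGE_SHIFT - blkbits;
    model_sector_t first = (model_sector_t)index << sizebits;
    return block >= first && block < first + ((model_sector_t)1 << sizebits);
}

int main(void)
{
    /* Constructed sample: 1 KiB blocks, block number past the 32-bit range. */
    model_sector_t bad = ((model_sector_t)1 << 34) + 8;
    model_pgoff_t idx = model_index_unchecked(bad, 10);

    printf("unchecked index=%u covers=%d\n", (unsigned)idx,
           model_page_covers(idx, bad, 10));
    printf("checked rc=%d\n", model_index_checked(bad, 10, &idx));
    return 0;
}
```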