linux-stable/mm
Maurizio Lombardi fe16be4cec mm: prevent page_frag_alloc() from corrupting the memory
commit dac22531bb upstream.

A number of drivers call page_frag_alloc() with a fragment's size >
PAGE_SIZE.

In low memory conditions, __page_frag_cache_refill() may fail the order
3 cache allocation and fall back to order 0; in this case, the cache
will be smaller than the fragment, causing memory corruptions.

Prevent this from happening by checking if the newly allocated cache is
large enough for the fragment; if not, the allocation will fail and
page_frag_alloc() will return NULL.

Link: https://lkml.kernel.org/r/20220715125013.247085-1-mlombard@redhat.com
Fixes: b63ae8ca09 ("mm/net: Rename and move page fragment handling from net/ to mm/")
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Cc: Chen Lin <chen45464546@163.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-10-26 13:15:32 +02:00
..
kasan
backing-dev.c mm: bdi: initialize bdi_min_ratio when bdi is unregistered 2021-12-14 10:04:47 +01:00
balloon_compaction.c
bootmem.c
cleancache.c
cma.c
cma.h
cma_debug.c
compaction.c
debug.c
debug_page_ref.c
dmapool.c
early_ioremap.c
fadvise.c
failslab.c
filemap.c mm/filemap.c: clear page error before actual read 2020-10-01 20:40:11 +02:00
frame_vector.c
frontswap.c
gup.c gup: document and work around "COW can break either way" issue 2022-01-27 08:47:42 +01:00
highmem.c
huge_memory.c gup: document and work around "COW can break either way" issue 2022-01-27 08:47:42 +01:00
hugetlb.c hugetlb: fix huge_pmd_unshare address update 2022-06-14 16:52:36 +02:00
hugetlb_cgroup.c mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() 2019-11-25 09:51:58 +01:00
hwpoison-inject.c
init-mm.c
internal.h vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n 2019-12-05 15:35:02 +01:00
interval_tree.c
Kconfig
Kconfig.debug
khugepaged.c khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() 2021-05-22 10:40:31 +02:00
kmemcheck.c
kmemleak-test.c
kmemleak.c Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" 2022-09-15 12:39:45 +02:00
ksm.c ksm: fix potential missing rmap_item for stable_node 2021-05-22 10:40:31 +02:00
list_lru.c
maccess.c uaccess: Add non-pagefault user-space write function 2020-09-12 11:47:35 +02:00
madvise.c
Makefile
memblock.c memblock: use kfree() to release kmalloced memblock regions 2022-03-02 11:32:06 +01:00
memcontrol.c mm/memcontrol: return 1 from cgroup.memory __setup() handler 2022-04-20 09:06:41 +02:00
memory-failure.c mm: hwpoison: change PageHWPoison behavior on hugetlb pages 2021-06-30 08:49:13 -04:00
memory.c mm: invalidate hwpoison page cache page in fault path 2022-07-21 20:40:33 +02:00
memory_hotplug.c mm: Avoid calling build_all_zonelists_init under hotplug context 2020-08-21 11:02:11 +02:00
mempolicy.c mm/mempolicy: fix uninit-value in mpol_rebind_policy() 2022-07-29 17:05:46 +02:00
mempool.c
memtest.c
migrate.c
mincore.c
mlock.c
mm_init.c
mmap.c mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() 2022-09-20 11:50:16 +02:00
mmu_context.c
mmu_notifier.c
mmzone.c
mprotect.c
mremap.c mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) 2022-04-20 09:06:44 +02:00
msync.c
nobootmem.c
nommu.c x86/mm: split vmalloc_sync_all() 2020-04-02 17:20:26 +02:00
oom_kill.c mm, oom: do not trigger out_of_memory from the #PF 2021-11-26 11:48:40 +01:00
page-writeback.c mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback() 2021-02-23 13:59:14 +01:00
page_alloc.c mm: prevent page_frag_alloc() from corrupting the memory 2022-10-26 13:15:32 +02:00
page_counter.c
page_ext.c
page_idle.c
page_io.c swap: fix swapfile read/write offset 2021-03-07 11:25:59 +01:00
page_isolation.c
page_owner.c
page_poison.c
pagewalk.c mm: pagewalk: fix termination condition in walk_pte_range() 2020-10-01 20:40:06 +02:00
percpu-km.c
percpu-vm.c
percpu.c
pgtable-generic.c
process_vm_access.c
quicklist.c
readahead.c
rmap.c mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse 2022-09-05 10:23:58 +02:00
shmem.c memfd: fix F_SEAL_WRITE after shmem huge page allocated 2022-03-08 19:00:59 +01:00
slab.c
slab.h mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag 2021-11-26 11:48:42 +01:00
slab_common.c mm/slab: use memzero_explicit() in kzfree() 2020-06-30 15:38:44 -04:00
slob.c
slub.c mm/slub: fix to return errno if kmalloc() fails 2022-09-28 10:55:45 +02:00
sparse-vmemmap.c
sparse.c
swap.c
swap_cgroup.c
swap_state.c mm: fix swap cache node allocation mask 2020-07-09 09:35:54 +02:00
swapfile.c swap: fix swapfile read/write offset 2021-03-07 11:25:59 +01:00
truncate.c
usercopy.c
userfaultfd.c mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() 2022-05-15 19:39:17 +02:00
util.c random: move randomize_page() into mm where it belongs 2022-06-25 11:45:15 +02:00
vmacache.c
vmalloc.c mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap() 2020-06-03 08:16:47 +02:00
vmpressure.c
vmscan.c
vmstat.c mm, vmstat: drop zone->lock in /proc/pagetypeinfo 2021-06-03 08:23:27 +02:00
workingset.c
z3fold.c
zbud.c
zpool.c
zsmalloc.c mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() 2021-11-26 11:48:39 +01:00
zswap.c