    mm/pagewalk.c: report holes in hugetlb ranges · 373c4557
    Jann Horn authored
    This matters at least for the mincore syscall, which will otherwise copy
    uninitialized memory from the page allocator to userspace.  It is
    probably also a correctness error for /proc/$pid/pagemap, but I haven't
    tested that.
    
    Removing the `walk->hugetlb_entry` condition in walk_hugetlb_range() has
    no effect because the caller already checks for that.
    
    This only reports holes in hugetlb ranges to callers who have specified
    a hugetlb_entry callback.
    
    This issue was found using an AFL-based fuzzer.
    
    v2:
     - don't crash on ->pte_hole==NULL (Andrew Morton)
     - add Cc stable (Andrew Morton)
    
    Fixes: 1e25a271 ("mincore: apply page table walker on do_mincore()")
    Signed-off-by: Jann Horn <jannh@google.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
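The failure mode the commit message describes, as an added user-space model that is not the kernel's code: a mincore-style caller expects the page walker to write one result byte per page, but a walker that silently skips holes in a hugetlb range leaves those bytes untouched, so stale buffer contents (a constructed 0xAA sentinel standing in for page-allocator memory) reach the caller. The struct fields, page counts and layout are constructed for illustration; the `fixed` path models the change in the commit, including the v2 tolerance of `pte_hole == NULL`.

```c
/* Added example, not mm/pagewalk.c itself: models a page walk over a
 * hugetlb range where one "huge page" is mapped and one is a hole. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NPAGES     8   /* constructed: 8 small pages in the range */
#define HUGE_PAGES 4   /* constructed: one huge page spans 4 of them */

struct walk {                 /* hypothetical stand-in for struct mm_walk */
    const int *present;       /* constructed: 1 = huge page mapped, 0 = hole */
    uint8_t *vec;             /* mincore-style result, one byte per page */
    int (*hugetlb_entry)(struct walk *, size_t pg, size_t n);
    int (*pte_hole)(struct walk *, size_t pg, size_t n);
};

static int entry_cb(struct walk *w, size_t pg, size_t n) {
    memset(w->vec + pg, 1, n); return 0;  /* pages resident */
}
static int hole_cb(struct walk *w, size_t pg, size_t n) {
    memset(w->vec + pg, 0, n); return 0;  /* pages not resident */
}

/* Model of walk_hugetlb_range(); fixed == 0 reproduces the bug where
 * holes are skipped, fixed == 1 reports them through pte_hole. */
static int walk_hugetlb_range(struct walk *w, int fixed) {
    for (size_t pg = 0; pg < NPAGES; pg += HUGE_PAGES) {
        if (w->present[pg / HUGE_PAGES])
            w->hugetlb_entry(w, pg, HUGE_PAGES);
        else if (fixed && w->pte_hole)    /* v2: don't crash on NULL */
            w->pte_hole(w, pg, HUGE_PAGES);
    }
    return 0;
}

/* Runs one walk over a constructed layout (huge page 0 mapped, huge
 * page 1 a hole) and returns how many result bytes still carry the
 * 0xAA sentinel, i.e. how many stale bytes the caller would be handed. */
int stale_bytes(int fixed, int with_hole_cb) {
    static const int layout[NPAGES / HUGE_PAGES] = {1, 0};
    uint8_t vec[NPAGES];
    memset(vec, 0xAA, sizeof vec);        /* "uninitialized" buffer */
    struct walk w = { layout, vec, entry_cb, with_hole_cb ? hole_cb : NULL };
    walk_hugetlb_range(&w, fixed);
    int n = 0;
    for (size_t i = 0; i < NPAGES; i++)
        n += (vec[i] == 0xAA);
    return n;
}
```

With the buggy walk the four pages under the hole keep the sentinel; with the fixed walk and a hole callback none do, and a NULL `pte_hole` no longer dereferences a null pointer (the caller then owns initialisation, as mincore's own hole handler does).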