tmpfs: restore missing clear_highpage (CVE-2007-6417)

author Hugh Dickins <hugh@veritas.com>

Sun, 6 Jan 2008 02:18:21 +0000 (04:18 +0200)

committer Adrian Bunk <bunk@kernel.org>

Sun, 6 Jan 2008 02:18:21 +0000 (04:18 +0200)
author Hugh Dickins <hugh@veritas.com>
Sun, 6 Jan 2008 02:18:21 +0000 (04:18 +0200)
committer Adrian Bunk <bunk@kernel.org>
Sun, 6 Jan 2008 02:18:21 +0000 (04:18 +0200)
diff --git a/mm/shmem.c b/mm/shmem.c

index 9e71b6ca35eb293d41182813e0dad4441a7949c9..cde85ed53f188f0191ca81a1f04faeb26aecd3bc 100644 (file)
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1040,7 +1040,7 @@ shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info,
         pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
         pvma.vm_pgoff = idx;
         pvma.vm_end = PAGE_SIZE;
-       page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
+       page = alloc_page_vma(gfp, &pvma, 0);
         mpol_free(pvma.vm_policy);
         return page;
  }
@@ -1060,7 +1060,7 @@ shmem_swapin(struct shmem_inode_info *info,swp_entry_t entry,unsigned long idx)
  static inline struct page *
  shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
  {
-       return alloc_page(gfp | __GFP_ZERO);
+       return alloc_page(gfp);
  }
  #endif
  
@@ -1277,6 +1277,7 @@ repeat:
  
                 info->alloced++;
                 spin_unlock(&info->lock);
+               clear_highpage(filepage);
                 flush_dcache_page(filepage);
                 SetPageUptodate(filepage);
         }
author	Hugh Dickins <hugh@veritas.com>
	Sun, 6 Jan 2008 02:18:21 +0000 (04:18 +0200)
committer	Adrian Bunk <bunk@kernel.org>
	Sun, 6 Jan 2008 02:18:21 +0000 (04:18 +0200)