[PATCH 1/5] pagemap: Modify add_to_pagemap to use copy_to_user instead of put_user.

From: Thomas Tuttle
Date: Thu Jun 05 2008 - 11:04:44 EST


While fiddling with pagemap, I discovered a bug in add_to_pagemap.
When it is copying an entry that is not at the end of the buffer, it
uses put_user to copy a u64 into a char* buffer. The problem is that
put_user determines how much to copy based on the size of the
*destination*, not the source, so it only copied one byte. To fix
this, I replaced the call to put_user with a call to copy_to_user, as
is used when copying the last (possibly partial) PFN into the buffer.
From 3240be0d489e914bbb5a559c21413e39889934ef Mon Sep 17 00:00:00 2001
From: Thomas Tuttle <ttuttle@xxxxxxxxxx>
Date: Thu, 5 Jun 2008 09:37:24 -0400
Subject: [PATCH] Modified add_to_pagemap to use copy_to_user instead of put_user.
Using put_user only copies the low byte of the pagecount, because the
destination buffer is a char*.

Signed-off-by: Thomas Tuttle <ttuttle@xxxxxxxxxx>
---
fs/proc/task_mmu.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 88717c0..9915202 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -531,7 +531,7 @@ static int add_to_pagemap(unsigned long addr, u64 pfn,
return PM_END_OF_BUFFER;
}

- if (put_user(pfn, pm->out))
+ if (copy_to_user(pm->out, &pfn, PM_ENTRY_BYTES))
return -EFAULT;
pm->out += PM_ENTRY_BYTES;
return 0;
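Review bot: the new line at `+ if (copy_to_user(pm->out, &pfn, PM_ENTRY_BYTES))` ties the copy length to the macro rather than to the object actually being copied, so the fix is only complete as long as PM_ENTRY_BYTES stays equal to sizeof(pfn); `copy_to_user(pm->out, &pfn, sizeof(pfn))` would make the length follow the source variable, and the `pm->out += PM_ENTRY_BYTES;` advance in the context line below would still be the right one for the buffer layout. The error handling itself is consistent with copy_to_user's contract (it returns the number of bytes not copied, so any non-zero result mapping to -EFAULT is correct), and it now matches the partial-copy path the description refers to, but a one-line comment above the call saying why put_user cannot be used here (pm->out is a char pointer, so put_user would size the store at one byte) would stop the next reader from "simplifying" it back.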
--
1.5.3.6
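As an added example, not part of Thomas Tuttle's mail or of fs/proc/task_mmu.c: a userspace model of the sizing rule the patch description relies on. `model_put_user` and `model_copy_to_user` are stand-ins written here to mimic the kernel helpers' behaviour (store width from the destination type versus an explicit byte count), the `struct pagemapread` is reduced to the two pointers the hunk touches, and the PFN values and 0xAA fill byte are constructed test data. It shows that the pre-patch shape leaves 7 of every 8 bytes unwritten while still advancing the output pointer a full entry, and that the post-patch shape round-trips every entry.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Models of the two kernel helpers (assumption for illustration, not the
 * kernel source). put_user() takes its store width from sizeof(*ptr), i.e.
 * the DESTINATION; copy_to_user() takes an explicit byte count and returns
 * the number of bytes it could not copy. Both return 0 on success. */
#define model_put_user(x, ptr)	((*(ptr) = (x)), 0)

static unsigned long model_copy_to_user(void *to, const void *from, size_t n)
{
	memcpy(to, from, n);
	return 0;
}

#define PM_ENTRY_BYTES		sizeof(uint64_t)
#define PM_END_OF_BUFFER	1

/* Reduced to what the hunk touches: out is a byte pointer, as in the kernel
 * (char __user * there). unsigned char keeps the truncation well-defined. */
struct pagemapread {
	unsigned char *out;
	unsigned char *end;
};

/* Pre-patch shape: a u64 stored through a byte pointer keeps one byte. */
static int add_to_pagemap_buggy(struct pagemapread *pm, uint64_t pfn)
{
	if (pm->out + PM_ENTRY_BYTES > pm->end)
		return PM_END_OF_BUFFER;
	if (model_put_user(pfn, pm->out))
		return -EFAULT;
	pm->out += PM_ENTRY_BYTES;	/* advances a full entry regardless */
	return 0;
}

/* Post-patch shape: explicit length, so all PM_ENTRY_BYTES are written. */
static int add_to_pagemap_fixed(struct pagemapread *pm, uint64_t pfn)
{
	if (pm->out + PM_ENTRY_BYTES > pm->end)
		return PM_END_OF_BUFFER;
	if (model_copy_to_user(pm->out, &pfn, PM_ENTRY_BYTES))
		return -EFAULT;
	pm->out += PM_ENTRY_BYTES;
	return 0;
}

#define FILL 0xAA	/* sentinel: a byte still 0xAA was never written */

/* Constructed sample PFNs; none contains a 0xAA byte, so FILL is unambiguous. */
static const uint64_t sample_pfns[] = {
	0x0102030405060708ULL,
	0x1122334455667788ULL,
	0x00000000deadbeefULL,
};
#define NPFN	(sizeof(sample_pfns) / sizeof(sample_pfns[0]))
#define BUFLEN	(NPFN * PM_ENTRY_BYTES)

/* Run one variant over a freshly filled buffer; return untouched byte count. */
static size_t untouched_bytes(int (*add)(struct pagemapread *, uint64_t),
			      unsigned char *buf, size_t len)
{
	struct pagemapread pm = { buf, buf + len };
	size_t i, n = 0;

	memset(buf, FILL, len);
	for (i = 0; i < NPFN; i++)
		if (add(&pm, sample_pfns[i]))
			break;
	for (i = 0; i < len; i++)
		n += (buf[i] == FILL);
	return n;
}

static size_t buggy_untouched(void)
{
	unsigned char buf[BUFLEN];
	return untouched_bytes(add_to_pagemap_buggy, buf, sizeof(buf));
}

static size_t fixed_untouched(void)
{
	unsigned char buf[BUFLEN];
	return untouched_bytes(add_to_pagemap_fixed, buf, sizeof(buf));
}

/* The single byte the buggy path stores for entry 0: the pfn's low byte. */
static unsigned buggy_first_byte(void)
{
	unsigned char buf[BUFLEN];
	untouched_bytes(add_to_pagemap_buggy, buf, sizeof(buf));
	return buf[0];
}

/* 1 if every entry written by the fixed path reads back as the pfn passed in. */
static int fixed_roundtrips(void)
{
	unsigned char buf[BUFLEN];
	uint64_t v;
	size_t i;

	untouched_bytes(add_to_pagemap_fixed, buf, sizeof(buf));
	for (i = 0; i < NPFN; i++) {
		memcpy(&v, buf + i * PM_ENTRY_BYTES, PM_ENTRY_BYTES);
		if (v != sample_pfns[i])
			return 0;
	}
	return 1;
}
```

With three entries the buggy variant leaves 21 of 24 bytes at the fill value and stores only 0x08 for the first PFN; the fixed variant leaves none untouched and every entry reads back intact. The truncation is by value, so the low byte survives on either endianness; what a reader of /proc/PID/pagemap would have seen is seven stale bytes per entry.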