[PATCH] mm: fix madvise infinine loop
madvise(MADV_REMOVE) can go into an infinite loop or cause an oops if the call covers a region from the start of a vma, and extending past that vma. Signed-off-by: Nick Piggin <npiggin@suse.de> Cc: Badari Pulavarty <pbadari@us.ibm.com> Acked-by: Hugh Dickins <hugh@veritas.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
0465fc0a1c
commit
00e9fa2d64
1 changed files with 4 additions and 1 deletions
@ -155,11 +155,14 @@ static long madvise_dontneed(struct vm_area_struct * vma,
|
||||||
* Other filesystems return -ENOSYS.
|
* Other filesystems return -ENOSYS.
|
||||||
*/
|
*/
|
||||||
static long madvise_remove(struct vm_area_struct *vma,
|
static long madvise_remove(struct vm_area_struct *vma,
|
||||||
|
struct vm_area_struct **prev,
|
||||||
unsigned long start, unsigned long end)
|
unsigned long start, unsigned long end)
|
||||||
{
|
{
|
||||||
struct address_space *mapping;
|
struct address_space *mapping;
|
||||||
loff_t offset, endoff;
|
loff_t offset, endoff;
|
||||||
|
|
||||||
|
*prev = vma;
|
||||||
|
|
||||||
if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
|
if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -199,7 +202,7 @@ madvise_vma(struct vm_area_struct *vma, struct vm_area_struct **prev,
|
||||||
error = madvise_behavior(vma, prev, start, end, behavior);
|
error = madvise_behavior(vma, prev, start, end, behavior);
|
||||||
break;
|
break;
|
||||||
case MADV_REMOVE:
|
case MADV_REMOVE:
|
||||||
error = madvise_remove(vma, start, end);
|
error = madvise_remove(vma, prev, start, end);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case MADV_WILLNEED:
|
case MADV_WILLNEED:
|
||||||
|
|
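Review bot: The added `*prev = vma;` carries the invariant the fix depends on — the caller's vma walk resumes from `*prev`, so it has to be set before the `-EINVAL` return that follows it — but neither the function's header comment ("Other filesystems return -ENOSYS.") nor the assignment itself says so, and the new `prev` parameter is otherwise undocumented. I would add above the assignment `/* Caller iterates vmas from *prev; set it before any early return. */` and extend the header comment with a line stating that `*prev` is always set to `vma` on return, since this path does not appear to split or merge the vma in the visible lines. The second hunk only threads `prev` through the `madvise_remove` call site and needs nothing further. madvise_remove's body continues past the first hunk, so later return paths are not visible here, though assigning `*prev` at entry covers them.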