mm: fix overflow in vm_map_ram()
When remapping pages accounting for 4G or more memory space, the operation 'count << PAGE_SHIFT' overflows as it is performed on an integer. Solution: cast before doing the bitshift. [akpm@linux-foundation.org: fix vm_unmap_ram() also] [akpm@linux-foundation.org: fix vmap() as well, per Guillermo] Link: http://lkml.kernel.org/r/etPan.57175fb3.7a271c6b.2bd@naudit.es Signed-off-by: Guillermo Julián Moreno <guillermo.julian@naudit.es> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
4340fa5529
commit
65ee03c4b9
1 changed files with 5 additions and 4 deletions
|
@ -1105,7 +1105,7 @@ EXPORT_SYMBOL_GPL(vm_unmap_aliases);
|
||||||
*/
|
*/
|
||||||
void vm_unmap_ram(const void *mem, unsigned int count)
|
void vm_unmap_ram(const void *mem, unsigned int count)
|
||||||
{
|
{
|
||||||
unsigned long size = count << PAGE_SHIFT;
|
unsigned long size = (unsigned long)count << PAGE_SHIFT;
|
||||||
unsigned long addr = (unsigned long)mem;
|
unsigned long addr = (unsigned long)mem;
|
||||||
|
|
||||||
BUG_ON(!addr);
|
BUG_ON(!addr);
|
||||||
|
@ -1140,7 +1140,7 @@ EXPORT_SYMBOL(vm_unmap_ram);
|
||||||
*/
|
*/
|
||||||
void *vm_map_ram(struct page **pages, unsigned int count, int node, pgprot_t prot)
|
void *vm_map_ram(struct page **pages, unsigned int count, int node, pgprot_t prot)
|
||||||
{
|
{
|
||||||
unsigned long size = count << PAGE_SHIFT;
|
unsigned long size = (unsigned long)count << PAGE_SHIFT;
|
||||||
unsigned long addr;
|
unsigned long addr;
|
||||||
void *mem;
|
void *mem;
|
||||||
|
|
||||||
|
@ -1574,14 +1574,15 @@ void *vmap(struct page **pages, unsigned int count,
|
||||||
unsigned long flags, pgprot_t prot)
|
unsigned long flags, pgprot_t prot)
|
||||||
{
|
{
|
||||||
struct vm_struct *area;
|
struct vm_struct *area;
|
||||||
|
unsigned long size; /* In bytes */
|
||||||
|
|
||||||
might_sleep();
|
might_sleep();
|
||||||
|
|
||||||
if (count > totalram_pages)
|
if (count > totalram_pages)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
|
size = (unsigned long)count << PAGE_SHIFT;
|
||||||
__builtin_return_address(0));
|
area = get_vm_area_caller(size, flags, __builtin_return_address(0));
|
||||||
if (!area)
|
if (!area)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue