lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1308029770-6176-1-git-send-email-lliubbo@gmail.com>
Date:	Tue, 14 Jun 2011 13:36:10 +0800
From:	Bob Liu <lliubbo@...il.com>
To:	<akpm@...ux-foundation.org>
CC:	<linux-kernel@...r.kernel.org>, <dhowells@...hat.com>,
	<gerg@...pgear.com>, <lethal@...ux-sh.org>, <gerg@...inux.org>,
	<geert@...ux-m68k.org>, Bob Liu <lliubbo@...il.com>
Subject: [PATCH] romfs: fix romfs_get_unmapped_area() param check

romfs_get_unmapped_area() check param len without considering PAGE_ALIGN which
will cause do_mmap_pgoff() return -EINVAL error after commit f67d9b1576c
nommu: add page_align to mmap.

This patch fix the param check by changing it to the same way which function
ramfs_nommu_get_unmapped_area() did in ramfs/file-nommu.c.

Signed-off-by: Bob Liu <lliubbo@...il.com>
---
 fs/romfs/mmap-nommu.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/romfs/mmap-nommu.c b/fs/romfs/mmap-nommu.c
index f0511e8..eed9942 100644
--- a/fs/romfs/mmap-nommu.c
+++ b/fs/romfs/mmap-nommu.c
@@ -27,14 +27,18 @@ static unsigned long romfs_get_unmapped_area(struct file *file,
 {
 	struct inode *inode = file->f_mapping->host;
 	struct mtd_info *mtd = inode->i_sb->s_mtd;
-	unsigned long isize, offset;
+	unsigned long isize, offset, maxpages, lpages;
 
 	if (!mtd)
 		goto cant_map_directly;
 
+	/* the mapping mustn't extend beyond the EOF */
+	lpages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
 	isize = i_size_read(inode);
 	offset = pgoff << PAGE_SHIFT;
-	if (offset > isize || len > isize || offset > isize - len)
+
+	maxpages = (isize + PAGE_SIZE - 1) >> PAGE_SHIFT;
+	if ((pgoff >= maxpages) || (maxpages - pgoff < lpages))
 		return (unsigned long) -EINVAL;
 
 	/* we need to call down to the MTD layer to do the actual mapping */
-- 
1.6.3.3


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ