mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-07 13:43:51 +00:00
[PATCH] uclinux: fix mmap() of directory for nommu case
I was playing with blackfin when i hit a neat bug ... doing an open() on a directory and then passing that fd to mmap() would cause the kernel to hang after poking into the code a bit more, i found that mm/nommu.c:validate_mmap_request() checks the length and if it is 0, just returns the address ... this is in stark contrast to mmu's mm/mmap.c:do_mmap_pgoff() where it returns -EINVAL for 0 length requests ... i then noticed that some other parts of the logic is out of date between the two funcs, so perhaps that's the easy fix ? Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
3363c9b0ed
commit
f81cff0d40
12
mm/nommu.c
12
mm/nommu.c
@ -497,15 +497,17 @@ static int validate_mmap_request(struct file *file,
|
|||||||
(flags & MAP_TYPE) != MAP_SHARED)
|
(flags & MAP_TYPE) != MAP_SHARED)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (PAGE_ALIGN(len) == 0)
|
if (!len)
|
||||||
return addr;
|
|
||||||
|
|
||||||
if (len > TASK_SIZE)
|
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
/* Careful about overflows.. */
|
||||||
|
len = PAGE_ALIGN(len);
|
||||||
|
if (!len || len > TASK_SIZE)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
/* offset overflow? */
|
/* offset overflow? */
|
||||||
if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
|
if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
|
||||||
return -EINVAL;
|
return -EOVERFLOW;
|
||||||
|
|
||||||
if (file) {
|
if (file) {
|
||||||
/* validate file mapping requests */
|
/* validate file mapping requests */
|
||||||
|
Loading…
Reference in New Issue
Block a user