Linus Torvalds 982134ba62 mm: avoid wrapping vm_pgoff in mremap()
The normal mmap paths all avoid creating a mapping where the pgoff
inside the mapping could wrap around due to overflow.  However, an
expanding mremap() can take such a non-wrapping mapping and make it
bigger and cause a wrapping condition.

Noticed by Robert Swiecki when running a system call fuzzer, where it
caused a BUG_ON() due to terminally confusing the vma_prio_tree code.  A
vma dumping patch by Hugh then pinpointed the crazy wrapped case.

Reported-and-tested-by: Robert Swiecki <robert@swiecki.net>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-04-07 07:35:51 -07:00