[PATCH] mm: fix madvise infinine loop
madvise(MADV_REMOVE) can go into an infinite loop or cause an oops if the call covers a region from the start of a vma, and extending past that vma. Signed-off-by: Nick Piggin <npiggin@suse.de> Cc: Badari Pulavarty <pbadari@us.ibm.com> Acked-by: Hugh Dickins <hugh@veritas.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
0465fc0a1c
commit
00e9fa2d64
|
@ -155,11 +155,14 @@ static long madvise_dontneed(struct vm_area_struct * vma,
|
|||
* Other filesystems return -ENOSYS.
|
||||
*/
|
||||
static long madvise_remove(struct vm_area_struct *vma,
|
||||
struct vm_area_struct **prev,
|
||||
unsigned long start, unsigned long end)
|
||||
{
|
||||
struct address_space *mapping;
|
||||
loff_t offset, endoff;
|
||||
|
||||
*prev = vma;
|
||||
|
||||
if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
|
||||
return -EINVAL;
|
||||
|
||||
|
@ -199,7 +202,7 @@ madvise_vma(struct vm_area_struct *vma, struct vm_area_struct **prev,
|
|||
error = madvise_behavior(vma, prev, start, end, behavior);
|
||||
break;
|
||||
case MADV_REMOVE:
|
||||
error = madvise_remove(vma, start, end);
|
||||
error = madvise_remove(vma, prev, start, end);
|
||||
break;
|
||||
|
||||
case MADV_WILLNEED:
|
||||
|
|
Loading…
Reference in New Issue