On 1/3/19 5:59 PM, Roman Penyaev wrote:
> area->size can include adjacent guard page but get_vm_area_size()
> returns actual size of the area.
>
> This fixes possible kernel crash when userspace tries to map area
> on 1 page bigger: size check passes but the following vmalloc_to_page()
> returns NULL on last guard (non-existing) page.
>
> Signed-off-by: Roman Penyaev <rpeny...@suse.de>
> Cc: Andrew Morton <a...@linux-foundation.org>
> Cc: Michal Hocko <mho...@suse.com>
> Cc: Andrey Ryabinin <aryabi...@virtuozzo.com>
> Cc: Joe Perches <j...@perches.com>
> Cc: "Luis R. Rodriguez" <mcg...@kernel.org>
> Cc: linux...@kvack.org
> Cc: linux-kernel@vger.kernel.org
> Cc: sta...@vger.kernel.org
> ---
Fixes: e69e9d4aee71 ("vmalloc: introduce remap_vmalloc_range_partial")
Acked-by: Andrey Ryabinin <aryabi...@virtuozzo.com>
