[patch 07/12] powerpc: Fix size check for hugetlbfs
-stable review patch. If anyone has any objections, please let us know.

--
From: Benjamin Herrenschmidt [EMAIL PROTECTED]

My slices address space management code that was added in 2.6.22 implementation of get_unmapped_area() doesn't properly check that the size is a multiple of the requested page size. This allows userland to create VMAs that aren't a multiple of the huge page size with hugetlbfs (since hugetlbfs entirely relies on get_unmapped_area() to do that checking) which leads to a kernel BUG() when such areas are torn down.

Signed-off-by: Benjamin Herrenschmidt [EMAIL PROTECTED]
Signed-off-by: Paul Mackerras [EMAIL PROTECTED]
Signed-off-by: Greg Kroah-Hartman [EMAIL PROTECTED]

--- arch/powerpc/mm/slice.c |2 ++ 1 file changed, 2 insertions(+) --- a/arch/powerpc/mm/slice.c +++ b/arch/powerpc/mm/slice.c @@ -405,6 +405,8 @@ unsigned long slice_get_unmapped_area(un if (len mm-task_size) return -ENOMEM; + if (len ((1ul pshift) - 1)) + return -EINVAL; if (fixed (addr ((1ul pshift) - 1))) return -EINVAL; if (fixed addr (mm-task_size - len))
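Review bot: the added length test in slice_get_unmapped_area() (the two + lines right after the task_size check) carries no comment, yet the commit message says hugetlbfs relies entirely on get_unmapped_area() for this validation; a one-line comment stating that dependency would keep a later cleanup from dropping the test as redundant. The page-size mask built from pshift now appears both in this test and in the fixed-address test directly below it, so computing it once into a local would keep the two checks in step. A zero len also passes a mask test of this kind, and nothing in the visible context rejects it, so it is worth confirming that case is handled before this point.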
Re: [patch 07/12] powerpc: Fix size check for hugetlbfs
On Tue, Aug 14, 2007 at 12:29:18AM -0700, Greg KH wrote:
> -stable review patch. If anyone has any objections, please let us know.
>
> --
> From: Benjamin Herrenschmidt [EMAIL PROTECTED]
>
> My slices address space management code that was added in 2.6.22 implementation of get_unmapped_area() doesn't properly check that the size is a multiple of the requested page size. This allows userland to create VMAs that aren't a multiple of the huge page size with hugetlbfs (since hugetlbfs entirely relies on get_unmapped_area() to do that checking) which leads to a kernel BUG() when such areas are torn down.
>
> Signed-off-by: Benjamin Herrenschmidt [EMAIL PROTECTED]
> Signed-off-by: Paul Mackerras [EMAIL PROTECTED]
> Signed-off-by: Greg Kroah-Hartman [EMAIL PROTECTED]

Acked-by: David Gibson [EMAIL PROTECTED]

--
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson