aboutsummaryrefslogtreecommitdiff
path: root/mm/madvise.c
diff options
context:
space:
mode:
authorZhang Yanfei2013-07-08 16:00:19 -0700
committerLinus Torvalds2013-07-09 10:33:23 -0700
commitbcb615a81b1765864c71c50afb56631e7a1e5283 (patch)
tree216f4970befea4f21394fc76e9b55cf15424c678 /mm/madvise.c
parent64363aad5ff1b878230e91223038c26a2205bff3 (diff)
mm/vmalloc.c: fix an overflow bug in alloc_vmap_area()
When searching a vmap area in the vmalloc space, we use (addr + size - 1) to check if the value is less than addr, which is an overflow. But we assign (addr + size) to vmap_area->va_end. So if we come across the below case: (addr + size - 1) : not overflow (addr + size) : overflow we will assign an overflow value (e.g 0) to vmap_area->va_end, And this will trigger BUG in __insert_vmap_area, causing system panic. So using (addr + size) to check the overflow should be the correct behaviour, not (addr + size - 1). Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com> Reported-by: Ghennadi Procopciuc <unix140@gmail.com> Tested-by: Daniel Baluta <dbaluta@ixiacom.com> Cc: David Rientjes <rientjes@google.com> Cc: Minchan Kim <minchan@kernel.org> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/madvise.c')
0 files changed, 0 insertions, 0 deletions