>> I guess the latter is the more likely: maybe the truncate_count/restart
>> logic isn't working properly.  I'll try to check over that again later -
>> but will be happy if someone else beats me to it.
>
> I have since found an omission in the restart_addr logic: looking back
> at the October 2004 history of vm_truncate_count, I see that originally
> I designed it to work one way, but hurriedly added a 7/6 redesign when
> vma splitting turned out to leave an ambiguity.  I should have updated
> the protection in mremap move at that time, but missed it.
>
> Robert, please try out the patch below (should apply fine to 2.6.35):

In the beginning of Jan (3-4) at earliest I'm afraid, i.e. when I manage
to get to my console-over-rs232 setup.

> I'm hoping this will fix what the fuzzer found, but it's still quite
> possible that it found something else wrong that I've not yet noticed.
> The patch could probably be cleverer (if we exported the notion of
> restart_addr out of mm/memory.c), but I'm more in the mood for being
> safe than clever at the moment.

-- 
Robert Święcki