The inner function walk_pte_range() increments "addr" by PAGE_SIZE after each pte is processed, and only exits the loop if the result is equal to "end". Currently, if either (or both of) the starting or ending addresses passed to walk_page_range() are not page-aligned, then we will never satisfy that exit condition and begin calling the pte_entry handler with bad data.

To be sure that we will land in the right spot, this patch checks that both "addr" and "end" are page-aligned in walk_page_range() before starting the traversal.

Signed-off-by: Dan Smith <danms@xxxxxxxxxx>
Cc: linux-mm@xxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx

--- mm/pagewalk.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/mm/pagewalk.c b/mm/pagewalk.c index 2f5cf10..9242bfc 100644 --- a/mm/pagewalk.c +++ b/mm/pagewalk.c @@ -196,6 +196,8 @@ int walk_page_range(unsigned long addr, unsigned long end, if (addr >= end) return err; + VM_BUG_ON((addr & ~PAGE_MASK) || (end & ~PAGE_MASK)); + if (!walk->mm) return -EINVAL; -- 1.7.9
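
Review bot: The VM_BUG_ON() added between the `addr >= end` early return and the `!walk->mm` check is only compiled in when CONFIG_DEBUG_VM is set, so on kernels built without it an unaligned "addr" or "end" still reaches walk_pte_range() and the loop misses its exit condition exactly as the commit message describes. Since the very next statement already returns -EINVAL for a missing walk->mm, consider rejecting misaligned ranges the same way, for example `if ((addr & ~PAGE_MASK) || (end & ~PAGE_MASK)) return -EINVAL;`, optionally wrapped in WARN_ON_ONCE() so the offending caller is still reported. That makes the check unconditional and gives a bad caller an error instead of a BUG. Two smaller points: because the check sits below the `addr >= end` return, an unaligned call with an empty range is never flagged, and the page-alignment requirement should be stated in the comment above walk_page_range() so callers can see the contract.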