Ping...

Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx> writes:

> This patch is very similar to 84d96d897671: Perform some basic
> validation of the input to mremap() before taking the
> &current->mm->mmap_sem lock. This also makes the MREMAP_FIXED =>
> MREMAP_MAYMOVE dependency slightly more explicit.
>
> Signed-off-by: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
> --- > mm/mremap.c | 18 ++++++++++-------- > 1 file changed, 10 insertions(+), 8 deletions(-) > > diff --git a/mm/mremap.c b/mm/mremap.c > index 463a257..00b6905 100644 > --- a/mm/mremap.c > +++ b/mm/mremap.c > @@ -456,13 +456,14 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, > unsigned long charged = 0; > bool locked = false; > > - down_write(¤t->mm->mmap_sem); > - > if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) > - goto out; > + return ret; > + > + if (flags & MREMAP_FIXED && !(flags & MREMAP_MAYMOVE)) > + return ret; > > if (addr & ~PAGE_MASK) > - goto out; > + return ret; > > old_len = PAGE_ALIGN(old_len); > new_len = PAGE_ALIGN(new_len); > @@ -473,12 +474,13 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, > * a zero new-len is nonsensical. > */ > if (!new_len) > - goto out; > + return ret; > + > + down_write(¤t->mm->mmap_sem); > > if (flags & MREMAP_FIXED) { > - if (flags & MREMAP_MAYMOVE) > - ret = mremap_to(addr, old_len, new_addr, new_len, > - &locked); > + ret = mremap_to(addr, old_len, new_addr, new_len, > + &locked); > goto out; > } > > -- > 1.7.9.5
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@xxxxxxxxx. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>

--
Rasmus Villemoes
<http://rasmusvillemoes.dk/>
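Review bot: In the first hunk (@@ -456), the early `return ret;` exits depend on the initial value of ret, whose declaration is outside the visible context, so returning the error constant directly at each of these exits would make them self-explanatory and keep them correct if the initialiser is ever changed. In the added test `if (flags & MREMAP_FIXED && !(flags & MREMAP_MAYMOVE))` the precedence is right as written, since & binds tighter than &&, but parenthesising `(flags & MREMAP_FIXED)` would match the second operand and read more easily.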
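Review bot: In the second hunk (@@ -473), the MREMAP_FIXED branch now calls mremap_to() without testing MREMAP_MAYMOVE and is correct only because of the check added near the top of the function, so a one-line comment at the call stating that MREMAP_MAYMOVE is guaranteed here would keep a later reordering of the validation from silently reintroducing the FIXED-without-MAYMOVE case. The code that now runs before down_write() touches only flags, addr, old_len and new_len in the visible lines, all of them syscall arguments, so moving the lock below the `!new_len` check looks safe; the commit message could say so explicitly.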