On Thu, Jul 29, 2010 at 10:08 AM, Hiroshi DOYU <Hiroshi.DOYU@xxxxxxxxx> wrote:
> On Sun, 25 Jul 2010 22:10:32 +0200
> ext Felipe Contreras <felipe.contreras@xxxxxxxxx> wrote:
>> On Fri, Nov 6, 2009 at 3:34 PM, Hiroshi DOYU <Hiroshi.DOYU@xxxxxxxxx> wrote:
>> > @@ -690,14 +732,19 @@ static int memory_check_vma(unsigned long start, u32 len) >> > if (end <= start) >> > return -EINVAL; >> > >> > - down_read(¤t->mm->mmap_sem); >> > - >> > while ((vma = find_vma(current->mm, start)) != NULL) { >> > + ssize_t size; >> > >> > - if (vma->vm_start > start) { >> > - err = -EINVAL; >> > + if (vma->vm_flags & (VM_IO | VM_PFNMAP)) >> > + return -EINVAL; >> > + >> > + if (vma->vm_start > start) >> > + return -EINVAL; >> > + >> > + size = min_t(ssize_t, vma->vm_end - start, len);
>>
>> This 'len' is the total length, which is not what we want; in each
>> iteration the length should be decreased so that it's always the
>> remaining length. Right?
>>
>> len -= size;
>
> Great finding and I'm so sorry for this bug...

All right, thanks for confirming :)

--
Felipe Contreras
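
Review bot: at the added `size = min_t(ssize_t, vma->vm_end - start, len);` line, `len` is the full request on every pass of the `while` loop, so from the second VMA onward the clamp is against the total length rather than what is left to validate, as the reply above notes; reduce `len` by `size` once per iteration so the check stops at the end of the requested range. The signed cast on the same line deserves a second look: `len` is a `u32`, and `min_t(ssize_t, ...)` converts it to a signed type, so where `ssize_t` is 32 bits a length above 2 GiB compares as negative and wins the `min`; an unsigned type for `size` avoids that. Separately, the hunk removes the `down_read()` on `mmap_sem` while the loop still calls `find_vma(current->mm, start)`, which has to run with `mmap_sem` held; if the lock now belongs to the caller, a comment above `memory_check_vma()` stating that requirement would keep later callers from walking the VMA list unlocked.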