The patch titled
Subject: mm/mmap.c: fix off-by-one in mmap overflow check
has been removed from the -mm tree. Its filename was
mm-mmapc-fix-off-by-one-in-mmap-overflow-check.patch
This patch was dropped because it was withdrawn
------------------------------------------------------
From: Reese Faucette <reesefaucette@xxxxxxxxx>
Subject: mm/mmap.c: fix off-by-one in mmap overflow check
When checking for overflow, the code in mm/mmap.c compares the first byte
*after* the end of mapped region to the start of the region instead of the
last byte of the mapped region.
This prevents mapping a region which abuts the end of physical space, as
mmap() incorrectly rejects the region with -EOVERFLOW, because pgoff +
(len >> PAGE_SHIFT) will be 0, which is < pgoff. -reese
Cc: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/mmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN mm/mmap.c~mm-mmapc-fix-off-by-one-in-mmap-overflow-check mm/mmap.c
--- a/mm/mmap.c~mm-mmapc-fix-off-by-one-in-mmap-overflow-check
+++ a/mm/mmap.c
@@ -1280,7 +1280,7 @@ unsigned long do_mmap_pgoff(struct file
return -ENOMEM;
/* offset overflow? */
- if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
+ if ((pgoff + (len >> PAGE_SHIFT) - 1) < pgoff)
return -EOVERFLOW;
/* Too many mappings? */
_
Patches currently in -mm which might be from reesefaucette@xxxxxxxxx are
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
