The patch titled mm: madvise(): correct return code has been added to the -mm tree. Its filename is mm-madvise-correct-return-code.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: mm: madvise(): correct return code From: Nick Piggin <npiggin@xxxxxxx> The posix_madvise() function succeeds (and does nothing) when called with parameters (NULL, 0, -1); according to LSB tests, it should fail with EINVAL because -1 is not a valid flag. When called with a valid address and size, it correctly fails. So perform an initial check for valid flags first. Reported-by: Jiri Dluhos <jdluhos@xxxxxxxxxx> Signed-off-by: Nick Piggin <npiggin@xxxxxxx> Reviewed-and-Tested-by: WANG Cong <xiyou.wangcong@xxxxxxxxx> Cc: Michael Kerrisk <mtk.manpages@xxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/madvise.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff -puN mm/madvise.c~mm-madvise-correct-return-code mm/madvise.c --- a/mm/madvise.c~mm-madvise-correct-return-code +++ a/mm/madvise.c @@ -246,12 +246,30 @@ madvise_vma(struct vm_area_struct *vma, break; default: - error = -EINVAL; + BUG(); break; } return error; } +static int +madvise_behavior_valid(int behavior) +{ + switch (behavior) { + case MADV_DOFORK: + case MADV_DONTFORK: + case MADV_NORMAL: + case MADV_SEQUENTIAL: + case MADV_RANDOM: + case MADV_REMOVE: + case MADV_WILLNEED: + case MADV_DONTNEED: + return 1; + + default: + return 0; + } +} /* * The madvise(2) system call. * @@ -297,6 +315,9 @@ SYSCALL_DEFINE3(madvise, unsigned long, int write; size_t len; + if (!madvise_behavior_valid(behavior)) + return error; + write = madvise_need_mmap_write(behavior); if (write) down_write(¤t->mm->mmap_sem); _ Patches currently in -mm which might be from npiggin@xxxxxxx are origin.patch linux-next.patch readahead-move-max_sane_readahead-calls-into-force_page_cache_readahead.patch readahead-apply-max_sane_readahead-limit-in-ondemand_readahead.patch readahead-remove-sync-async-readahead-call-dependency.patch readahead-clean-up-and-simplify-the-code-for-filemap-page-fault-readahead.patch readahead-sequential-mmap-readahead.patch readahead-enforce-full-readahead-size-on-async-mmap-readahead.patch readahead-record-mmap-read-around-states-in-file_ra_state.patch mm-clean-up-get_user_pages_fast-documentation.patch mm-clean-up-get_user_pages_fast-documentation-checkpatch-fixes.patch vmscan-cleanup-the-scan-batching-code.patch vmscan-dont-export-nr_saved_scan-in-proc-zoneinfo.patch mm-madvise-correct-return-code.patch atomic-only-take-lock-when-the-counter-drops-to-zero-on-up-as-well.patch reiser4.patch fs-symlink-write_begin-allocation-context-fix-reiser4-fix.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html