3.8.13.27 -stable review patch. If anyone has any objections, please let me know. ------------------ From: Bin Wang <binw@xxxxxxxxxxx> commit ddb09754e6c7239e302c7b675df9bbd415f8de5d upstream. the vma range size is always page size aligned in mmap, while the real io space range may not be page aligned, thus leading to range check failure in the uio_mmap_physical(). for example, in a case of io range size "mem->size == 1KB", and we have (vma->vm_end - vma->vm_start) == 4KB, due to "len" is aligned to page size in do_mmap_pgoff(). now fix this issue by align mem->size to page size in the check. Signed-off-by: Bin Wang <binw@xxxxxxxxxxx> Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@xxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Kamal Mostafa <kamal@xxxxxxxxxxxxx> --- drivers/uio/uio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c index 9981b9b..354c095 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -657,7 +657,7 @@ static int uio_mmap_physical(struct vm_area_struct *vma) if (mem->addr & ~PAGE_MASK) return -ENODEV; - if (vma->vm_end - vma->vm_start > mem->size) + if (vma->vm_end - vma->vm_start > PAGE_ALIGN(mem->size)) return -EINVAL; vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html