diff options
| -rw-r--r-- | ipc/shm.c | 13 |
1 files changed, 9 insertions, 4 deletions
| @@ -1091,8 +1091,8 @@ out_unlock1: | |||
| 1091 | * "raddr" thing points to kernel space, and there has to be a wrapper around | 1091 | * "raddr" thing points to kernel space, and there has to be a wrapper around |
| 1092 | * this. | 1092 | * this. |
| 1093 | */ | 1093 | */ |
| 1094 | long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, | 1094 | long do_shmat(int shmid, char __user *shmaddr, int shmflg, |
| 1095 | unsigned long shmlba) | 1095 | ulong *raddr, unsigned long shmlba) |
| 1096 | { | 1096 | { |
| 1097 | struct shmid_kernel *shp; | 1097 | struct shmid_kernel *shp; |
| 1098 | unsigned long addr; | 1098 | unsigned long addr; |
| @@ -1113,8 +1113,13 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, | |||
| 1113 | goto out; | 1113 | goto out; |
| 1114 | else if ((addr = (ulong)shmaddr)) { | 1114 | else if ((addr = (ulong)shmaddr)) { |
| 1115 | if (addr & (shmlba - 1)) { | 1115 | if (addr & (shmlba - 1)) { |
| 1116 | if (shmflg & SHM_RND) | 1116 | /* |
| 1117 | addr &= ~(shmlba - 1); /* round down */ | 1117 | * Round down to the nearest multiple of shmlba. |
| 1118 | * For sane do_mmap_pgoff() parameters, avoid | ||
| 1119 | * round downs that trigger nil-page and MAP_FIXED. | ||
| 1120 | */ | ||
| 1121 | if ((shmflg & SHM_RND) && addr >= shmlba) | ||
| 1122 | addr &= ~(shmlba - 1); | ||
| 1118 | else | 1123 | else |
| 1119 | #ifndef __ARCH_FORCE_SHMLBA | 1124 | #ifndef __ARCH_FORCE_SHMLBA |
| 1120 | if (addr & ~PAGE_MASK) | 1125 | if (addr & ~PAGE_MASK) |