author | Nick Piggin <npiggin@suse.de> | 2008-02-01 21:08:53 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-02-04 10:55:38 -0500 |
commit | 2f98735c9c24ea1f0d40a364d4e63611b689b795 (patch) | |
tree | a42b3802449af474d36cda3b6f9fb190a717defb /fs | |
parent | fe2528b96b02173395f5a75e37714c07f3e25e73 (diff) |
vm audit: add VM_DONTEXPAND to mmap for drivers that need it
Drivers that register a ->fault handler, but do not range-check the
offset argument, must set VM_DONTEXPAND in the vm_flags in order to
prevent an expanding mremap from overflowing the resource.
I've audited the tree and attempted to fix these problems (usually by
adding VM_DONTEXPAND where it is not obvious).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ncpfs/mmap.c | 4 |
1 files changed, 0 insertions, 4 deletions
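--- a/fs/ncpfs/mmap.c
+++ b/fs/ncpfs/mmap.c
@@ -50,10 +50,6 @@ static int ncp_file_mmap_fault(struct vm_area_struct *area,
 pos = vmf->pgoff << PAGE_SHIFT;
 
 count = PAGE_SIZE;
-if ((unsigned long)vmf->virtual_address + PAGE_SIZE > area->vm_end) {
-WARN_ON(1); /* shouldn't happen? */
-count = area->vm_end - (unsigned long)vmf->virtual_address;
-}
 /* what we can read in one go */
 bufsize = NCP_SERVER(inode)->buffer_size;
 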