uprobes: Fix register_for_each_vma()->vma_address() check

1. register_for_each_vma() checks that vma_address() == vaddr,
   but this is not enough. We should also ensure that
   vaddr >= vm_start, find_vma() guarantees "vaddr < vm_end" only.

2. After the prevous changes, register_for_each_vma() is the
   only reason why vma_address() has to return loff_t, all other
   users know that we have the valid mapping at this offset and
   thus the overflow is not possible.

   Change the code to use vaddr_to_offset() instead, imho this looks
   more clean/understandable and now we can change vma_address().

3. While at it, remove the unnecessary type-cast.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Srikar Dronamraju <srikar.vnet.ibm.com>
Cc: Anton Arapov <anton@redhat.com>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Link: http://lkml.kernel.org/r/20120729182244.GA20362@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>

1 files changed, 5 insertions, 4 deletions

diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
index b03256cced52..cdc3c951251c 100644
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -823,12 +823,13 @@ static int register_for_each_vma(struct uprobe *uprobe, bool is_register)
                         goto free;
 
                 down_write(&mm->mmap_sem);
-                vma = find_vma(mm, (unsigned long)info->vaddr);
-                if (!vma || !valid_vma(vma, is_register))
+                vma = find_vma(mm, info->vaddr);
+                if (!vma || !valid_vma(vma, is_register) ||
+                    vma->vm_file->f_mapping->host != uprobe->inode)
                         goto unlock;
 
-                if (vma->vm_file->f_mapping->host != uprobe->inode ||
-                    vma_address(vma, uprobe->offset) != info->vaddr)
+                if (vma->vm_start > info->vaddr ||
+                    vaddr_to_offset(vma, info->vaddr) != uprobe->offset)
                         goto unlock;
 
                 if (is_register) {