2008-11-27 15:12:55

by David Howells

Subject: [PATCH] FRV: Fix mmap2 error handling

Fix the error handling in sys_mmap2(). Currently, if the pgoff check fails,
fput() might have to be called (which it isn't), so do the pgoff check first,
before fget() is called.

Signed-off-by: David Howells <[email protected]>
---

arch/frv/kernel/sys_frv.c | 17 ++++++++---------
1 files changed, 8 insertions(+), 9 deletions(-)


diff --git a/arch/frv/kernel/sys_frv.c b/arch/frv/kernel/sys_frv.c
index 49b2cf2..baadc97 100644
--- a/arch/frv/kernel/sys_frv.c
+++ b/arch/frv/kernel/sys_frv.c
@@ -35,22 +35,21 @@ asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
int error = -EBADF;
struct file * file = NULL;

- flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
- if (!(flags & MAP_ANONYMOUS)) {
- file = fget(fd);
- if (!file)
- goto out;
- }
-
/* As with sparc32, make sure the shift for mmap2 is constant
(12), no matter what PAGE_SIZE we have.... */

/* But unlike sparc32, don't just silently break if we're
trying to map something we can't */
- if (pgoff & ((1<<(PAGE_SHIFT-12))-1))
+ if (pgoff & ((1 << (PAGE_SHIFT - 12)) - 1))
return -EINVAL;
+ pgoff >>= PAGE_SHIFT - 12;

- pgoff >>= (PAGE_SHIFT - 12);
+ flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
+ if (!(flags & MAP_ANONYMOUS)) {
+ file = fget(fd);
+ if (!file)
+ goto out;
+ }

down_write(&current->mm->mmap_sem);
error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
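Review bot: the `return -EINVAL` after the pgoff check is still a bare return. Now that the check precedes fget() this no longer leaks a file reference, which is what the patch sets out to fix, but the rest of the function exits through `goto out` with `error` pre-initialised to -EBADF, so `error = -EINVAL; goto out;` would keep a single exit path and keep the function safe if the fget() block is ever moved above the check again. Minor: the new `pgoff >>= PAGE_SHIFT - 12;` drops the parentheses the removed line had; this is correct (the compound assignment evaluates its whole right-hand side first) but since the `if` line directly above was reformatted in the same hunk, keeping the two lines consistent would be cleaner.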


2008-11-27 17:00:13

by Matthew Wilcox

Subject: Re: [PATCH] FRV: Fix mmap2 error handling

On Thu, Nov 27, 2008 at 03:12:38PM +0000, David Howells wrote:
> Fix the error handling in sys_mmap2(). Currently, if the pgoff check fails,
> fput() might have to be called (which it isn't), so do the pgoff check first,
> before fget() is called.

*sigh*.

My reaction was "Why do we have sys_mmap2 in every architecture?" So I
started looking. Oh dear, oh dear oh dear.

FRV:
/* As with sparc32, make sure the shift for mmap2 is constant
(12), no matter what PAGE_SIZE we have.... */
ia64:
Just uses PAGE_SIZE (currently supported values: 4k, 8k, 16k and 64k).

So what is poor userspace to do? Check which architecture it's on and
figure out what PAGE_SIZE to use for mmap2 based on that?


How about we introduce a sys_mmap6() in common code which takes 'off'
in multiples of 4k. Then FRV and other sane architectures can replace
their sys_mmap2 entries in their syscall tables with sys_mmap6. ia64 has
to keep its insane sys_mmap2 entry, but it can add a sys_mmap6 entry too.

--
Matthew Wilcox Intel Open Source Technology Centre
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours. We can't possibly take such
a retrograde step."
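To make both points in this thread concrete, here is an added user-space model (not kernel code, and not from the patch or from either poster) of the FRV sys_mmap2() convention and its error path. It reproduces the check that treats the mmap2 offset as a count of fixed 4k units regardless of PAGE_SIZE, and it places the pre-patch and post-patch ordering of fget() and the pgoff check side by side so the reference leak can be observed through a refcount. The descriptor table, `model_fget()`, `model_fput()` and the stand-in for do_mmap_pgoff() are constructed for this example; `page_shift` is passed as a parameter so several page sizes can be exercised in one run.

```c
#include <stdio.h>
#include <errno.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel's file reference counting. */
#define MAP_ANONYMOUS  0x20
#define MAP_EXECUTABLE 0x1000
#define MAP_DENYWRITE  0x0800
#define MODEL_NFILES   4

struct model_file { int refcount; };
static struct model_file model_files[MODEL_NFILES]; /* constructed fd table */

static struct model_file *model_fget(int fd)
{
    if (fd < 0 || fd >= MODEL_NFILES)
        return NULL;
    model_files[fd].refcount++;
    return &model_files[fd];
}

static void model_fput(struct model_file *f) { f->refcount--; }
static void model_reset(void)
{
    for (int i = 0; i < MODEL_NFILES; i++)
        model_files[i].refcount = 0;
}
static int model_refcount(int fd) { return model_files[fd].refcount; }

/* FRV convention: pgoff arrives in 4k units whatever PAGE_SIZE is.
 * Returns the offset in pages of the running page size, or -EINVAL when
 * the low (page_shift - 12) bits are set, i.e. the offset is not a
 * multiple of PAGE_SIZE. This is the check from the patch. */
static long mmap2_units_to_pages(unsigned long pgoff, unsigned page_shift)
{
    if (page_shift < 12)               /* model assumption: PAGE_SIZE >= 4k */
        return -EINVAL;
    if (pgoff & ((1UL << (page_shift - 12)) - 1))
        return -EINVAL;
    return (long)(pgoff >> (page_shift - 12));
}

/* Pre-patch ordering: fget() first, then the check with a bare return.
 * On the -EINVAL path the reference taken by fget() is never dropped. */
static long model_sys_mmap2_before(unsigned long flags, int fd,
                                   unsigned long pgoff, unsigned page_shift)
{
    long error = -EBADF;
    struct model_file *file = NULL;

    flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
    if (!(flags & MAP_ANONYMOUS)) {
        file = model_fget(fd);
        if (!file)
            goto out;
    }
    long pages = mmap2_units_to_pages(pgoff, page_shift);
    if (pages < 0)
        return pages;                  /* leaks the reference held in 'file' */
    error = pages;                     /* stand-in for do_mmap_pgoff() */
out:
    if (file)
        model_fput(file);
    return error;
}

/* Post-patch ordering: validate pgoff before any reference is taken. */
static long model_sys_mmap2_after(unsigned long flags, int fd,
                                  unsigned long pgoff, unsigned page_shift)
{
    long error = -EBADF;
    struct model_file *file = NULL;

    long pages = mmap2_units_to_pages(pgoff, page_shift);
    if (pages < 0)
        return pages;                  /* nothing acquired yet, safe to return */

    flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
    if (!(flags & MAP_ANONYMOUS)) {
        file = model_fget(fd);
        if (!file)
            goto out;
    }
    error = pages;                     /* stand-in for do_mmap_pgoff() */
out:
    if (file)
        model_fput(file);
    return error;
}

int main(void)
{
    /* 64k pages: offset 17 (in 4k units) is not page-aligned. */
    model_reset();
    printf("before: ret=%ld refcount=%d\n",
           model_sys_mmap2_before(0, 1, 17, 16), model_refcount(1));
    model_reset();
    printf("after:  ret=%ld refcount=%d\n",
           model_sys_mmap2_after(0, 1, 17, 16), model_refcount(1));
    return 0;
}
```

Running it with a 64k page shift shows the pre-patch model returning -EINVAL with the descriptor's refcount left at 1, and the post-patch model returning the same error with the refcount back at 0; a page-aligned offset such as 16 converts to page 1 in both. The conversion routine also illustrates Matthew's point: the same `pgoff` value means a different byte offset depending on whether the architecture interprets it in 4k units or in PAGE_SIZE units.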