When `next < old_addr`, `next - old_addr` arithmetic underflows
causing `extent` to be incorrect.

Make `extent` the smaller of `next - old_addr` or `old_end - old_addr`.

Reported-by: Guenter Roeck <[email protected]>
Signed-off-by: Kalesh Singh <[email protected]>
---
mm/mremap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mm/mremap.c b/mm/mremap.c
index c5590afe7165..f554320281cc 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -358,7 +358,9 @@ static unsigned long get_extent(enum pgt_entry entry, unsigned long old_addr,
next = (old_addr + size) & mask;
/* even if next overflowed, extent below will be ok */
- extent = (next > old_end) ? old_end - old_addr : next - old_addr;
+ extent = next - old_addr;
+ if (extent > old_end - old_addr)
+ extent = old_end - old_addr;
next = (new_addr + size) & mask;
if (extent > next - new_addr)
extent = next - new_addr;
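Review bot: The retained comment above the added lines, "even if next overflowed, extent below will be ok", does not say why the result is ok, and it stood unchanged over the removed ternary that this patch replaces. Since `old_addr` is `unsigned long`, `next - old_addr` wraps when `next < old_addr`, and it is the new `if (extent > old_end - old_addr)` check that bounds the result. Suggest rewording the comment to state that the subtraction may wrap and that the value is then clamped to `old_end - old_addr`.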
--
2.29.2.729.g45daf8777d-goog
On Sat, Dec 19, 2020 at 05:04:33PM +0000, Kalesh Singh wrote:
> When `next < old_addr`, `next - old_addr` arithmetic underflows
> causing `extent` to be incorrect.
>
> Make `extent` the smaller of `next - old_addr` or `old_end - old_addr`.
>
> Reported-by: Guenter Roeck <[email protected]>
> Signed-off-by: Kalesh Singh <[email protected]>
This patch fixes the problem I had observed when booting 'parisc'
images.

Tested-by: Guenter Roeck <[email protected]>

Guenter
> ---
> mm/mremap.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/mm/mremap.c b/mm/mremap.c
> index c5590afe7165..f554320281cc 100644
> --- a/mm/mremap.c
> +++ b/mm/mremap.c
> @@ -358,7 +358,9 @@ static unsigned long get_extent(enum pgt_entry entry, unsigned long old_addr,
>
> next = (old_addr + size) & mask;
> /* even if next overflowed, extent below will be ok */
> - extent = (next > old_end) ? old_end - old_addr : next - old_addr;
> + extent = next - old_addr;
> + if (extent > old_end - old_addr)
> + extent = old_end - old_addr;
> next = (new_addr + size) & mask;
> if (extent > next - new_addr)
> extent = next - new_addr;
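Review bot: Style point on the three added lines: the open-coded clamp could be the single statement `extent = min(next - old_addr, old_end - old_addr);`, which matches the "smaller of" wording in the commit message. The `new_addr` clamp in the trailing context uses the same open-coded `if` form, so either convert both or keep both for consistency.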
> --
> 2.29.2.729.g45daf8777d-goog
>
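The wraparound case from the commit message, modelled in user space as an added example (not code from this thread or from the kernel). It assumes 32-bit addresses and a 4 MiB span in place of the real mask; `addr_t`, `SPAN`, `MASK`, `extent_before` and `extent_after` are hypothetical names, and the address ranges are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code: 32-bit addresses and an assumed
 * 4 MiB table-entry span stand in for unsigned long and the real mask. */
typedef uint32_t addr_t;
#define SPAN ((addr_t)1 << 22)
#define MASK (~(SPAN - 1))

/* Old-side extent as computed by the removed line. */
static addr_t extent_before(addr_t old_addr, addr_t old_end)
{
    addr_t next = (old_addr + SPAN) & MASK;   /* wraps to 0 near the top */
    return (next > old_end) ? old_end - old_addr : next - old_addr;
}

/* Old-side extent as computed by the added lines. */
static addr_t extent_after(addr_t old_addr, addr_t old_end)
{
    addr_t next = (old_addr + SPAN) & MASK;
    addr_t extent = next - old_addr;          /* modular distance to next */
    if (extent > old_end - old_addr)          /* never exceed the range   */
        extent = old_end - old_addr;
    return extent;
}

int main(void)
{
    /* Constructed ranges: {old_addr, old_end}. */
    static const addr_t cases[][2] = {
        { 0x10001000u, 0x10003000u },  /* inside one span            */
        { 0x103FF000u, 0x10402000u },  /* crosses a span boundary    */
        { 0xFFE00000u, 0xFFE01000u },  /* last span: next wraps to 0 */
    };
    for (unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        addr_t a = cases[i][0], e = cases[i][1];
        printf("old=%#010x len=%#x before=%#x after=%#x\n",
               (unsigned)a, (unsigned)(e - a),
               (unsigned)extent_before(a, e), (unsigned)extent_after(a, e));
    }
    return 0;
}
```

Only the third range differs: the removed expression returns an extent larger than the range being moved, while the clamped form returns the range length.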