diff options
| author | Oleg Nesterov <oleg@tv-sign.ru> | 2004-07-28 09:01:53 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2004-07-28 09:01:53 -0700 |
| commit | fdd1ec1337620062502c4a16ccc183b87202d147 (patch) | |
| tree | d7cf7b59b0545a80ce028a23b8884d14cb48cef8 /fs | |
| parent | 5fcadd1e72a3823a9a2602a6632826386597b2ee (diff) | |
| download | history-fdd1ec1337620062502c4a16ccc183b87202d147.tar.gz | |
[PATCH] hugetlbfs vm_pgoff bugs
1. hugetlbfs_file_mmap() must check that vm_pgoff is hugepage aligned.
2. hugetlb_vmtruncate_list() confuses << with >> while converting
vm_pgoff to huge page offset, and zaps wrong area.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/hugetlbfs/inode.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 85b3a8565a288a..4ec4283159ea11 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -52,6 +52,9 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) loff_t len, vma_len; int ret; + if (vma->vm_pgoff & (HPAGE_SIZE / PAGE_SIZE - 1)) + return -EINVAL; + if (vma->vm_start & ~HPAGE_MASK) return -EINVAL; @@ -278,16 +281,16 @@ hugetlb_vmtruncate_list(struct prio_tree_root *root, unsigned long h_pgoff) unsigned long v_length; unsigned long v_offset; - h_vm_pgoff = vma->vm_pgoff << (HPAGE_SHIFT - PAGE_SHIFT); - v_length = vma->vm_end - vma->vm_start; + h_vm_pgoff = vma->vm_pgoff >> (HPAGE_SHIFT - PAGE_SHIFT); v_offset = (h_pgoff - h_vm_pgoff) << HPAGE_SHIFT; - /* * Is this VMA fully outside the truncation point? */ if (h_vm_pgoff >= h_pgoff) v_offset = 0; + v_length = vma->vm_end - vma->vm_start; + zap_hugepage_range(vma, vma->vm_start + v_offset, v_length - v_offset); |