diff options
| author | Hugh Dickins <hugh@veritas.com> | 2004-06-04 20:52:17 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2004-06-04 20:52:17 -0700 |
| commit | e495dd356078eacdc49998ec147e3df227c11ad8 (patch) | |
| tree | 5c70bf6d930f39f259ef7413aa8f4a02706a9b0d /mm | |
| parent | ad6e519be1a98976388397325c6e3365e42c4271 (diff) | |
| download | history-e495dd356078eacdc49998ec147e3df227c11ad8.tar.gz | |
[PATCH] mm: vma_adjust adjust_next wrap
Fix vma_adjust adjust_next wrapping: Rajesh V. pointed out that if end were
2GB or more beyond next->vm_start (on 32-bit), then next->vm_pgoff would have
been negatively adjusted.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Rajesh Venkatasubramanian <vrajesh@umich.edu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'mm')
| -rw-r--r-- | mm/mmap.c | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/mm/mmap.c b/mm/mmap.c index a930fd4f56a507..c77fec7b00c4e8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -373,20 +373,27 @@ void vma_adjust(struct vm_area_struct *vma, unsigned long start, if (next && !insert) { if (end >= next->vm_end) { + /* + * vma expands, overlapping all the next, and + * perhaps the one after too (mprotect case 6). + */ again: remove_next = 1 + (end > next->vm_end); end = next->vm_end; anon_vma = next->anon_vma; - } else if (end < vma->vm_end || end > next->vm_start) { + } else if (end > next->vm_start) { /* - * vma shrinks, and !insert tells it's not - * split_vma inserting another: so it must - * be mprotect shifting the boundary down. - * Or: * vma expands, overlapping part of the next: - * must be mprotect shifting the boundary up. + * mprotect case 5 shifting the boundary up. + */ + adjust_next = (end - next->vm_start) >> PAGE_SHIFT; + anon_vma = next->anon_vma; + } else if (end < vma->vm_end) { + /* + * vma shrinks, and !insert tells it's not + * split_vma inserting another: so it must be + * mprotect case 4 shifting the boundary down. */ - BUG_ON(vma->vm_end != next->vm_start); - adjust_next = end - next->vm_start; + adjust_next = - ((vma->vm_end - end) >> PAGE_SHIFT); anon_vma = next->anon_vma; } } @@ -418,8 +425,8 @@ again: remove_next = 1 + (end > next->vm_end); vma->vm_end = end; vma->vm_pgoff = pgoff; if (adjust_next) { - next->vm_start += adjust_next; - next->vm_pgoff += adjust_next >> PAGE_SHIFT; + next->vm_start += adjust_next << PAGE_SHIFT; + next->vm_pgoff += adjust_next; } if (root) { |