[BUG][PATCH] hugetlbfs vm_pgoff bugs.

From: Oleg Nesterov
Date: Fri Jul 09 2004 - 09:11:12 EST

Next message: Christoph Hellwig: "Re: [PATCH] s390 - mark IPv6 support for QETH as broken"
Previous message: Oleg Nesterov: "[BUG][PATCH] resend, /dev/zero vs hugetlb mappings."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

1. hugetlbfs_file_mmap() must check that vm_pgoff is hugepage aligned.

2. hugetlb_vmtruncate_list() confuses << with >> while converting
vm_pgoff to huge page offset, and zaps wrong area.

Patch against mm7.

Oleg.

Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>

--- 2.6.7-mm7/fs/hugetlbfs/inode.c.orig 2004-07-09 16:41:15.000000000 +0400
+++ 2.6.7-mm7/fs/hugetlbfs/inode.c 2004-07-09 16:56:02.000000000 +0400
@@ -52,6 +52,9 @@ static int hugetlbfs_file_mmap(struct fi
loff_t len, vma_len;
int ret;

+ if (vma->vm_pgoff & (HPAGE_SIZE / PAGE_SIZE - 1))
+ return -EINVAL;
+
if (vma->vm_start & ~HPAGE_MASK)
return -EINVAL;

@@ -280,16 +283,16 @@ hugetlb_vmtruncate_list(struct prio_tree
unsigned long v_length;
unsigned long v_offset;

- h_vm_pgoff = vma->vm_pgoff << (HPAGE_SHIFT - PAGE_SHIFT);
- v_length = vma->vm_end - vma->vm_start;
+ h_vm_pgoff = vma->vm_pgoff >> (HPAGE_SHIFT - PAGE_SHIFT);
v_offset = (h_pgoff - h_vm_pgoff) << HPAGE_SHIFT;
-
/*
* Is this VMA fully outside the truncation point?
*/
if (h_vm_pgoff >= h_pgoff)
v_offset = 0;

+ v_length = vma->vm_end - vma->vm_start;
+
zap_hugepage_range(vma,
vma->vm_start + v_offset,
v_length - v_offset);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Hellwig: "Re: [PATCH] s390 - mark IPv6 support for QETH as broken"
Previous message: Oleg Nesterov: "[BUG][PATCH] resend, /dev/zero vs hugetlb mappings."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]