From: Hugh Dickins <hugh@veritas.com>
Date: Wed, 22 Jun 2005 13:02:41 +0000 (+0100)
Subject: [PATCH] fix remap_pte_range BUG
X-Git-Tag: v2.6.12.2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=986bd4301425ab01934f8efe08ed9433b45492bb;p=thirdparty%2Fkernel%2Fstable.git

[PATCH] fix remap_pte_range BUG

Out-of-tree user of remap_pfn_range hit kernel BUG at mm/memory.c:1112!
It passes an unrounded size to remap_pfn_range, which was okay before
2.6.12, but misses remap_pte_range's new end condition.  An audit of
all the other ptwalks confirms that this is the only one so exposed.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---

diff --git a/mm/memory.c b/mm/memory.c
index d209f745db7fb..2f88f084fea52 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1164,7 +1164,7 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
 {
 	pgd_t *pgd;
 	unsigned long next;
-	unsigned long end = addr + size;
+	unsigned long end = addr + PAGE_ALIGN(size);
 	struct mm_struct *mm = vma->vm_mm;
 	int err;