Commit:     00e9fa2d6421fbbefb4c02821a1e779a3ce47781
Parent:     0465fc0a1c42e18438d391f3a7e661493a9ad68e
Author:     Nick Piggin <[EMAIL PROTECTED]>
AuthorDate: Fri Mar 16 13:38:10 2007 -0800
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Fri Mar 16 19:25:04 2007 -0700

    [PATCH] mm: fix madvise infinine loop
    madvise(MADV_REMOVE) can go into an infinite loop or cause an oops if the
    call covers a region from the start of a vma, and extending past that vma.
    Signed-off-by: Nick Piggin <[EMAIL PROTECTED]>
    Cc: Badari Pulavarty <[EMAIL PROTECTED]>
    Acked-by: Hugh Dickins <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
 mm/madvise.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/mm/madvise.c b/mm/madvise.c
index 4e19615..77916e9 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -155,11 +155,14 @@ static long madvise_dontneed(struct vm_area_struct * vma,
  * Other filesystems return -ENOSYS.
 static long madvise_remove(struct vm_area_struct *vma,
+                               struct vm_area_struct **prev,
                                unsigned long start, unsigned long end)
        struct address_space *mapping;
         loff_t offset, endoff;
+       *prev = vma;
        if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
                return -EINVAL;
@@ -199,7 +202,7 @@ madvise_vma(struct vm_area_struct *vma, struct 
vm_area_struct **prev,
                error = madvise_behavior(vma, prev, start, end, behavior);
        case MADV_REMOVE:
-               error = madvise_remove(vma, start, end);
+               error = madvise_remove(vma, prev, start, end);
        case MADV_WILLNEED:
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to