On Sat, 20 Jul 2013, Oleg Nesterov wrote: > mmap() doesn't allow the non-anonymous mappings with VM_GROWS* bit set. > In particular this means that mmap_region()->vma_merge(file, vm_flags) > must always fail if "vm_flags & VM_GROWS" is set incorrectly. > > So it does not make sense to check VM_GROWS* after we already allocated > the new vma, the only caller, do_mmap_pgoff(), which can pass this flag > can do the check itself. > > And this looks a bit more correct, mmap_region() already unmapped the > old mapping at this stage. But if mmap() is going to fail, it should > avoid do_munmap() if possible. > > Note: we check VM_GROWS at the end to ensure that do_mmap_pgoff() won't > return EINVAL in the case when it currently returns another error code. > > Many thanks to Hugh who nacked the buggy v1.
Aw shucks, no need for that! > > Signed-off-by: Oleg Nesterov <[email protected]> Looks fine to me now, thanks Oleg; as do your other two. Acked-by: Hugh Dickins <[email protected]> > --- > mm/mmap.c | 10 ++++------ > 1 files changed, 4 insertions(+), 6 deletions(-) > > diff --git a/mm/mmap.c b/mm/mmap.c > index fbad7b0..92d9f54 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -1302,6 +1302,8 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned > long addr, > > if (!file->f_op || !file->f_op->mmap) > return -ENODEV; > + if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP)) > + return -EINVAL; > break; > > default: > @@ -1310,6 +1312,8 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned > long addr, > } else { > switch (flags & MAP_TYPE) { > case MAP_SHARED: > + if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP)) > + return -EINVAL; > /* > * Ignore pgoff. > */ > @@ -1544,11 +1548,7 @@ munmap_back: > vma->vm_pgoff = pgoff; > INIT_LIST_HEAD(&vma->anon_vma_chain); > > - error = -EINVAL; /* when rejecting VM_GROWSDOWN|VM_GROWSUP */ > - > if (file) { > - if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP)) > - goto free_vma; > if (vm_flags & VM_DENYWRITE) { > error = deny_write_access(file); > if (error) > @@ -1573,8 +1573,6 @@ munmap_back: > pgoff = vma->vm_pgoff; > vm_flags = vma->vm_flags; > } else if (vm_flags & VM_SHARED) { > - if (unlikely(vm_flags & (VM_GROWSDOWN|VM_GROWSUP))) > - goto free_vma; > error = shmem_zero_setup(vma); > if (error) > goto free_vma; > -- > 1.5.5.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
