mm: fix overflow in vm_map_ram() (65ee03c4) · Commits · e / devices / android_kernel_oneplus_sm7250

mm/vmalloc.c

+5 −4

Original line number	Original line	Diff line number	Diff line
	@@ -1105,7 +1105,7 @@ EXPORT_SYMBOL_GPL(vm_unmap_aliases);
	*/		*/
	void vm_unmap_ram(const void *mem, unsigned int count)		void vm_unmap_ram(const void *mem, unsigned int count)
	{		{
	unsigned long size = count << PAGE_SHIFT;		unsigned long size = (unsigned long)count << PAGE_SHIFT;
	unsigned long addr = (unsigned long)mem;		unsigned long addr = (unsigned long)mem;

	BUG_ON(!addr);		BUG_ON(!addr);
	@@ -1140,7 +1140,7 @@ EXPORT_SYMBOL(vm_unmap_ram);
	*/		*/
	void vm_map_ram(struct page *pages, unsigned int count, int node, pgprot_t prot)		void vm_map_ram(struct page *pages, unsigned int count, int node, pgprot_t prot)
	{		{
	unsigned long size = count << PAGE_SHIFT;		unsigned long size = (unsigned long)count << PAGE_SHIFT;
	unsigned long addr;		unsigned long addr;
	void *mem;		void *mem;

	@@ -1574,14 +1574,15 @@ void vmap(struct page *pages, unsigned int count,
	unsigned long flags, pgprot_t prot)		unsigned long flags, pgprot_t prot)
	{		{
	struct vm_struct *area;		struct vm_struct *area;
			unsigned long size; /* In bytes */

	might_sleep();		might_sleep();

	if (count > totalram_pages)		if (count > totalram_pages)
	return NULL;		return NULL;

	area = get_vm_area_caller((count << PAGE_SHIFT), flags,		size = (unsigned long)count << PAGE_SHIFT;
	__builtin_return_address(0));		area = get_vm_area_caller(size, flags, __builtin_return_address(0));
	if (!area)		if (!area)
	return NULL;		return NULL;