Commit f81cff0d authored Dec 06, 2006 by Mike Frysinger Committed by Linus Torvalds Dec 06, 2006

[PATCH] uclinux: fix mmap() of directory for nommu case

I was playing with blackfin when i hit a neat bug ... doing an open() on a
directory and then passing that fd to mmap() would cause the kernel to hang

after poking into the code a bit more, i found that
mm/nommu.c:validate_mmap_request() checks the length and if it is 0, just
returns the address ... this is in stark contrast to mmu's
mm/mmap.c:do_mmap_pgoff() where it returns -EINVAL for 0 length requests ...
i then noticed that some other parts of the logic is out of date between the
two funcs, so perhaps that's the easy fix ?

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent 3363c9b0

mm/nommu.c

+7 −5

Original line number	Diff line number	Diff line
		@@ -497,15 +497,17 @@ static int validate_mmap_request(struct file *file,
		(flags & MAP_TYPE) != MAP_SHARED)
		return -EINVAL;

		if (PAGE_ALIGN(len) == 0)
		return addr;

		if (len > TASK_SIZE)
		if (!len)
		return -EINVAL;

		/* Careful about overflows.. */
		len = PAGE_ALIGN(len);
		if (!len \|\| len > TASK_SIZE)
		return -ENOMEM;

		/* offset overflow? */
		if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
		return -EINVAL;
		return -EOVERFLOW;

		if (file) {
		/* validate file mapping requests */