|
@@ -277,9 +277,16 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
|
|
|
if (old_len > vma->vm_end - addr)
|
|
|
goto Efault;
|
|
|
|
|
|
- if (vma->vm_flags & (VM_DONTEXPAND | VM_PFNMAP)) {
|
|
|
- if (new_len > old_len)
|
|
|
+ /* Need to be careful about a growing mapping */
|
|
|
+ if (new_len > old_len) {
|
|
|
+ unsigned long pgoff;
|
|
|
+
|
|
|
+ if (vma->vm_flags & (VM_DONTEXPAND | VM_PFNMAP))
|
|
|
goto Efault;
|
|
|
+ pgoff = (addr - vma->vm_start) >> PAGE_SHIFT;
|
|
|
+ pgoff += vma->vm_pgoff;
|
|
|
+ if (pgoff + (new_len >> PAGE_SHIFT) < pgoff)
|
|
|
+ goto Einval;
|
|
|
}
|
|
|
|
|
|
if (vma->vm_flags & VM_LOCKED) {
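Review bot: The comment added above `if (new_len > old_len)` does not say what the danger is, although the wrap test at the end of that block is the security-relevant part of the change. I would add a comment directly before `if (pgoff + (new_len >> PAGE_SHIFT) < pgoff)`, such as `/* the grown mapping's last page offset must not wrap around */`. The test relies on `unsigned long` wraparound, which is well defined. It presumably also assumes the caller has already page-aligned `new_len`, because the shift discards any sub-page remainder; that is worth confirming and stating in the comment. The `Einval` label and the rest of `vma_to_resize` lie outside this hunk, so the label's presence and the error code it returns cannot be checked from here.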
|