aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Abbott <abbotti@mev.co.uk>2009-02-24 17:22:59 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2009-03-24 16:38:25 -0700
commit6da2d377bba06c29d0bc41c8dee014164dec82a7 (patch)
tree46bdf19836227b27c4548431ec7cea5eeb2a8a08
parent1bafeb378e915f39b1bf44ee0871823d6f402ea5 (diff)
UIO: Take offset into account when determining number of pages that can be mapped
If a UIO memory region does not start on a page boundary but straddles one, the number of actual pages that overlap the memory region may be calculated incorrectly because the offset isn't taken into account. If userspace sets the mmap length to offset+size, it may fail with -EINVAL if UIO thinks it's trying to allocate too many pages. Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Cc: Hans J. Koch <hjk@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--drivers/uio/uio.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index 68a49655778..03efb065455 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -708,7 +708,8 @@ static int uio_mmap(struct file *filep, struct vm_area_struct *vma)
return -EINVAL;
requested_pages = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
- actual_pages = (idev->info->mem[mi].size + PAGE_SIZE -1) >> PAGE_SHIFT;
+ actual_pages = ((idev->info->mem[mi].addr & ~PAGE_MASK)
+ + idev->info->mem[mi].size + PAGE_SIZE -1) >> PAGE_SHIFT;
if (requested_pages > actual_pages)
return -EINVAL;