Commit 65ee03c4 authored by Guillermo Julián Moreno's avatar Guillermo Julián Moreno Committed by Linus Torvalds
Browse files

mm: fix overflow in vm_map_ram()

When remapping pages accounting for 4G or more memory space, the
operation 'count << PAGE_SHIFT' overflows as it is performed on an
integer.  Solution: cast before doing the bitshift.

[akpm@linux-foundation.org: fix vm_unmap_ram() also]
[akpm@linux-foundation.org: fix vmap() as well, per Guillermo]
Link: http://lkml.kernel.org/r/etPan.57175fb3.7a271c6b.2bd@naudit.es

Signed-off-by: default avatarGuillermo Julián Moreno <guillermo.julian@naudit.es>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 4340fa55
...@@ -1105,7 +1105,7 @@ EXPORT_SYMBOL_GPL(vm_unmap_aliases); ...@@ -1105,7 +1105,7 @@ EXPORT_SYMBOL_GPL(vm_unmap_aliases);
*/ */
void vm_unmap_ram(const void *mem, unsigned int count) void vm_unmap_ram(const void *mem, unsigned int count)
{ {
unsigned long size = count << PAGE_SHIFT; unsigned long size = (unsigned long)count << PAGE_SHIFT;
unsigned long addr = (unsigned long)mem; unsigned long addr = (unsigned long)mem;
BUG_ON(!addr); BUG_ON(!addr);
...@@ -1140,7 +1140,7 @@ EXPORT_SYMBOL(vm_unmap_ram); ...@@ -1140,7 +1140,7 @@ EXPORT_SYMBOL(vm_unmap_ram);
*/ */
void *vm_map_ram(struct page **pages, unsigned int count, int node, pgprot_t prot) void *vm_map_ram(struct page **pages, unsigned int count, int node, pgprot_t prot)
{ {
unsigned long size = count << PAGE_SHIFT; unsigned long size = (unsigned long)count << PAGE_SHIFT;
unsigned long addr; unsigned long addr;
void *mem; void *mem;
...@@ -1574,14 +1574,15 @@ void *vmap(struct page **pages, unsigned int count, ...@@ -1574,14 +1574,15 @@ void *vmap(struct page **pages, unsigned int count,
unsigned long flags, pgprot_t prot) unsigned long flags, pgprot_t prot)
{ {
struct vm_struct *area; struct vm_struct *area;
unsigned long size; /* In bytes */
might_sleep(); might_sleep();
if (count > totalram_pages) if (count > totalram_pages)
return NULL; return NULL;
area = get_vm_area_caller((count << PAGE_SHIFT), flags, size = (unsigned long)count << PAGE_SHIFT;
__builtin_return_address(0)); area = get_vm_area_caller(size, flags, __builtin_return_address(0));
if (!area) if (!area)
return NULL; return NULL;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment