mm/mprotect: Fix successful vma_merge() of next in do_mprotect_pkey() · caleberi/linux@2fcd07b

Commit

mm/mprotect: Fix successful vma_merge() of next in do_mprotect_pkey()

If mprotect_fixup() successfully calls vma_merge() and replaces vma and
the next vma, then the tmp variable in the do_mprotect_pkey() is not
updated to point to the new vma end.  This results in the loop detecting
a gap between VMAs that does not exist.

Fix the faulty value of tmp by setting it to the end location of the vma
iterator at the end of the loop.

Link: https://lkml.kernel.org/r/[email protected]
Fixes: 2286a69 ("mm: change mprotect_fixup to vma iterator")
Link: https://lore.kernel.org/linux-mm/[email protected]/
Signed-off-by: Liam R. Howlett <[email protected]>
Reported-by: Bert Karwatzki <[email protected]>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217061
Tested-by: Bert Karwatzki <[email protected]>
Reported-by: Linus Torvalds <[email protected]>
Link: https://lore.kernel.org/linux-mm/CAHk-=wjFmVL7NiuxL54qLkoabni_yD-oF9=dpDgETtdsiCbhUg@mail.gmail.com/
Tested-by: Linus Torvalds <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

Loading branch information

howlett authored and torvalds committed Feb 26, 2023

1 parent 1ec35ea commit 2fcd07b

mm/mprotect.c

-Original file line number
+Diff line change
@@ Expand Up @@
     		if (error)
     			break;
+    		tmp = vma_iter_end(&vmi);
     		nstart = tmp;
     		prot = reqprot;
     	}
@@ Expand Down @@

0 comments on commit `2fcd07b`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `2fcd07b`

Commit

There are no files selected for viewing

0 comments on commit 2fcd07b

0 comments on commit `2fcd07b`