git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ipc/shm: Fix shmat mmap nil-page protection
[pandora-kernel.git] / ipc / shm.c
diff --git a/ipc/shm.c b/ipc/shm.c
index 16b1f9e..df1d608 100644 (file)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -963,8 +963,13 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
                goto out;
        else if ((addr = (ulong)shmaddr)) {
                if (addr & (SHMLBA-1)) {
-                       if (shmflg & SHM_RND)
-                               addr &= ~(SHMLBA-1);       /* round down */
+                       /*
+                        * Round down to the nearest multiple of shmlba.
+                        * For sane do_mmap_pgoff() parameters, avoid
+                        * round downs that trigger nil-page and MAP_FIXED.
+                        */
+                       if ((shmflg & SHM_RND) && addr >= SHMLBA)
+                               addr &= ~(SHMLBA - 1);
                        else
 #ifndef __ARCH_FORCE_SHMLBA
                                if (addr & ~PAGE_MASK)
Pandora Kernel Repository