dect/linux-2.6
This repository has been archived on 2022-02-17. You can view files and clone it, but cannot push or open issues or pull requests.
linux-2.6/drivers/char
Cliff Wickman 4191ba26da mspec: handle shrinking virtual memory areas
The shrinking of a virtual memory area that is mmap(2)'d to a memory
special file (device drivers/char/mspec.c) can cause a panic.

If the mapped size of the vma (vm_area_struct) is very large, mspec allocates
a large vma_data structure with vmalloc(). But such a vma can be shrunk by
an munmap(2).  The current driver uses the current size of each vma to
deduce whether its vma_data structure was allocated by kmalloc() or vmalloc().
So if the vma was shrunk it appears to have been allocated by kmalloc(),
and mspec attempts to free it with kfree().  This results in a panic.

This patch avoids the panic (by preserving the type of the allocation) and
also makes mspec work correctly as the vma is split into pieces by the
munmap(2)'s.

All vma's derived from such a split vma share the same vma_data structure that
represents all the pages mapped into this set of vma's.  The mspec driver
must be made capable of using the right portion of the structure for each
member vma.  In other words, it must index into the array of page addresses
using the portion of the array that represents the current vma. This is
enabled by storing the vma group's vm_start in the vma_data structure.

The shared vma_data's are not protected by mm->mmap_sem in the fork() case
so the reference count is left as atomic_t.

Signed-off-by: Cliff Wickman <cpw@sgi.com>
Acked-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-19 11:24:17 -07:00
..
agp intel_agp: fix GTT map size on G33 2007-09-11 17:21:20 -07:00
drm Merge branch 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2007-08-25 08:01:06 -07:00
hw_random x86_64: Geode HW Random Number Generator depends on X86_32 2007-07-21 18:37:13 -07:00
ip2 ip2main warning fix 2007-07-31 15:39:44 -07:00
ipmi IPMI: fix warning in ipmi_si_intf.c 2007-08-22 19:52:46 -07:00
mwave [PATCH] mwave: interesting flags savings 2007-02-20 17:10:14 -08:00
pcmcia drivers/char/pcmcia/cm40x0_cs.c: fix release function call 2007-08-11 15:47:40 -07:00
rio some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
tpm tpmdd maintainers 2007-08-22 19:52:44 -07:00
watchdog [WATCHDOG] Add support for 1533 bridge to alim1535_wdt 2007-08-16 20:28:43 +00:00
.gitignore
ChangeLog
Kconfig Char: cyclades, select FW_LOADER 2007-07-26 11:35:19 -07:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog 2007-07-31 20:43:52 -07:00
amiserial.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
apm-emulation.c Freezer: make kernel threads nonfreezable by default 2007-07-17 10:23:02 -07:00
applicom.c
applicom.h
briq_panel.c [POWERPC] Remove dead code for preventing pread() and pwrite() calls 2007-07-10 22:03:26 +10:00
cd1865.h
consolemap.c Kernel utf-8 handling 2007-07-16 09:05:46 -07:00
cp437.uni
cs5535_gpio.c Char: cs5535_gpio, add MODULE_DEVICE_TABLE 2007-05-08 11:15:04 -07:00
cyclades.c drivers/*: mark variables with uninitialized_var() 2007-07-17 16:23:19 -04:00
defkeymap.c_shipped
defkeymap.map
digi1.h
digiFep1.h
digiPCI.h
ds1286.c [CHAR] ds1286: Fix handling of seconds in RTC_ALM_SET ioctl. 2007-03-08 01:10:30 +00:00
ds1302.c [PATCH] DS1302: local_irq_disable() is redundant after local_irq_save() 2007-02-12 09:48:30 -08:00
ds1620.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dsp56k.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dtlk.c dtlk: fix error checks in module_init() 2007-05-08 11:15:09 -07:00
ec3104_keyb.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
efirtc.c
epca.c drivers/char: use __set_current_state() 2007-05-08 11:15:13 -07:00
epca.h
epcaconfig.h
esp.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
generic_nvram.c [PATCH] mark struct file_operations const 3 2007-02-12 09:48:45 -08:00
generic_serial.c genericserial: remove bogus optimisation check and dead code paths 2007-07-16 09:05:51 -07:00
genrtc.c Char: genrtc, use wait_event_interruptible 2007-07-16 09:05:44 -07:00
hangcheck-timer.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
hpet.c Do not use the ia64 clocksource on non-ia64 architectures 2007-08-31 20:14:22 -07:00
hvc_beat.c [POWERPC] Celleb: hypervisor console driver 2007-02-07 14:03:21 +11:00
hvc_console.c Freezer: make kernel threads nonfreezable by default 2007-07-17 10:23:02 -07:00
hvc_console.h
hvc_iseries.c [POWERPC] init and exit markings for hvc_iseries 2007-07-22 21:30:59 +10:00
hvc_lguest.c lguest files should explicitly include asm/paravirt.h 2007-08-11 15:47:42 -07:00
hvc_rtas.c [POWERPC] Quiet section mismatch in hvc_rtas.c 2007-07-22 21:30:59 +10:00
hvc_vio.c [POWERPC] Rename device_is_compatible to of_device_is_compatible 2007-05-07 20:31:14 +10:00
hvc_xen.c xen: use the hvc console infrastructure for Xen console 2007-07-18 08:47:44 -07:00
hvcs.c [POWERPC] hvcs: Make some things static and const 2007-07-22 21:30:59 +10:00
hvsi.c [POWERPC] Rename get_property to of_get_property: partial drivers 2007-04-27 15:51:56 +10:00
i8k.c i386: sched.h inclusion from module.h is baack 2007-05-08 11:15:08 -07:00
ip27-rtc.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
isicom.c Char: isicom, proper variables types 2007-07-17 10:23:10 -07:00
istallion.c Char: istallion, init+locking fixes 2007-07-17 10:23:10 -07:00
keyboard.c m68k/mac: Make mac_hid_mouse_emulate_buttons() declaration visible 2007-08-22 19:52:45 -07:00
lcd.c [MIPS] Delete duplicate inclusion of <linux/delay.h>. 2007-08-27 02:16:59 +01:00
lcd.h [MIPS] Add MTD device support for Cobalt 2007-02-20 17:11:55 +00:00
lp.c ROUND_UP macro cleanup in drivers/char/lp.c 2007-05-08 11:15:08 -07:00
mbcs.c mbcs: Remove lots of global symbols 2007-07-19 10:04:43 -07:00
mbcs.h mbcs: Remove lots of global symbols 2007-07-19 10:04:43 -07:00
mem.c Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2007-07-10 14:48:43 -07:00
misc.c Make /proc/misc use seq_list_xxx helpers 2007-07-16 09:05:42 -07:00
mmtimer.c Remove fs.h from mm.h 2007-07-29 17:09:29 -07:00
moxa.c Char: moxa, eliminate busy waiting 2007-07-17 10:23:10 -07:00
mspec.c mspec: handle shrinking virtual memory areas 2007-09-19 11:24:17 -07:00
mxser.c serial: remove termios checks from various old char serial drivers 2007-07-16 09:05:52 -07:00
mxser.h [PATCH] mxser: remove ambiguous redefinition of INIT_WORK 2007-02-11 10:51:25 -08:00
mxser_new.c serial: remove termios checks from various old char serial drivers 2007-07-16 09:05:52 -07:00
mxser_new.h [PATCH] Char: mxser_new, upgrade to 1.9.15 2007-02-11 10:51:29 -08:00
n_hdlc.c Char: n_hdlc, allow RESTARTSYS retval of tty write 2007-07-16 09:05:43 -07:00
n_r3964.c Char: n_r3964, use wait_event_interruptible 2007-07-16 09:05:44 -07:00
n_tty.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
nsc_gpio.c [PATCH] struct path: convert char-drivers 2006-12-08 08:28:44 -08:00
nvram.c COBALT: remove all references to Cobalt NVRAM 2007-07-16 09:05:47 -07:00
nwbutton.c [PATCH] Char: timers cleanup 2007-02-12 09:48:30 -08:00
nwbutton.h
nwflash.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
pc8736x_gpio.c
ppdev.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
ps3flash.c ps3: FLASH ROM Storage Driver 2007-07-21 17:49:16 -07:00
pty.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
random.c random: fix bound check ordering (CVE-2007-3105) 2007-07-19 14:21:04 -07:00
raw.c [PATCH] raw: don't allow the creation of a raw device with minor number 0 2007-02-11 10:51:34 -08:00
riscom8.c Char: riscom8, eliminate busy loop 2007-07-17 10:23:10 -07:00
riscom8.h
riscom8_reg.h
rocket.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
rocket.h
rocket_int.h Kill unused sesssion and group values in rocket driver 2007-05-11 08:29:36 -07:00
rtc.c x86_64: Untangle asm/hpet.h from asm/timex.h 2007-07-21 18:37:08 -07:00
scc.h
scx200_gpio.c
selection.c Kernel utf-8 handling 2007-07-16 09:05:46 -07:00
ser_a2232.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ser_a2232.h
ser_a2232fw.ax
ser_a2232fw.h
serial167.c m68k: remove empty ->setup is several consoles 2007-07-20 08:24:49 -07:00
snsc.c
snsc.h
snsc_event.c [IA64] drivers/char/snsc_event.c:206: warning: unused variable `p' 2007-05-10 13:23:05 -07:00
sonypi.c ACPI: Schedule /proc/acpi/event for removal 2007-08-23 15:20:26 -04:00
specialix.c Char: specialix, remove busy waiting 2007-07-17 10:23:10 -07:00
specialix_io8.h
stallion.c unregister_chrdev(): ignore the return value 2007-07-19 10:04:43 -07:00
sx.c sx: switch subven and subid values 2007-07-10 17:51:13 -07:00
sx.h [PATCH] Char: sx, request regions 2006-12-08 08:28:59 -08:00
sxboards.h
sxwindow.h
synclink.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
synclink_gt.c synclink_gt fix module reference 2007-08-22 19:52:46 -07:00
synclinkmp.c some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
sysrq.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
tb0219.c [PATCH] struct path: convert char-drivers 2006-12-08 08:28:44 -08:00
tipar.c layered parport code uses parport->dev 2007-05-08 11:15:05 -07:00
tlclk.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
toshiba.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
tty_audit.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
tty_io.c tty: dont needlessly cast kmalloc() return value 2007-08-23 21:39:41 -07:00
tty_ioctl.c sparc64 (and others): fix tty_ioctl.c build 2007-09-15 08:18:30 -07:00
vc_screen.c use mutex instead of semaphore in virtual console driver 2007-05-08 11:15:33 -07:00
viocons.c [POWERPC] iSeries: fix viocons init 2006-12-20 16:37:48 +11:00
viotape.c unregister_chrdev(): ignore the return value 2007-07-19 10:04:43 -07:00
vme_scc.c m68k: remove empty ->setup is several consoles 2007-07-20 08:24:49 -07:00
vr41xx_giu.c [MIPS] Separate platform_device registration for VR41xx GPIO 2007-07-12 17:41:15 +01:00
vt.c Fix the graphic corruption issue on IA64 machines 2007-07-17 10:23:13 -07:00
vt_ioctl.c drivers/char: use __set_current_state() 2007-05-08 11:15:13 -07:00