git.hungrycats.org Git - linux/commit

author	Davidlohr Bueso <dave@stgolabs.net>
	Fri, 25 May 2018 21:47:30 +0000 (14:47 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 30 May 2018 06:17:18 +0000 (08:17 +0200)
commit	246e52a47b6ac081e9830f532ac83b0d958a530c
tree	a7d7e248d25da71d80c01a577c5bbca08c5b1449	tree \| snapshot
parent	fe05c7ada1d68b98726edcdca4d41f548099b2c5	commit \| diff

ipc/shm: fix shmat() nil address after round-down when remapping

commit 8f89c007b6dec16a1793cb88de88fcc02117bbbc upstream.

shmat()'s SHM_REMAP option forbids passing a nil address for; this is in
fact the very first thing we check for. Andrea reported that for
SHM_RND|SHM_REMAP cases we can end up bypassing the initial addr check,
but we need to check again if the address was rounded down to nil. As
of this patch, such cases will return -EINVAL.

Link: http://lkml.kernel.org/r/20180503204934.kk63josdu6u53fbd@linux-n805
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>