mmap wrapping around to 0 revisited

David Ashley dash at
Wed Mar 6 11:06:42 EST 2002

>Wrong fix.  sys_mmap on ppc should really be using do_mmap which already
>includes the cast to unsigned long and checks for overflow.  Arguably,
>it could well check for -'ve offsets and reject them, but traditionally
>Linux has accepted up to 4GB offsets with its 32 bit APIs and changing
>this would break a few things like X.
>                -ben

In older versions (like 2.4.2-hhl) the sys_mmap did go through do_mmap, but
for some reason that was changed. The do_mmap itself is broken, the check
for overflow is like this:
	if ((offset + PAGE_ALIGN(len)) < offset)
		goto out;

It should be:
	if ((offset + PAGE_ALIGN(len)-1) < offset)
		goto out;

So: changing sys_mmap to go through do_mmap won't fix the problem unless
the above fix is done to do_mmap.

do_mmap appears to be defunct, and the new method seems to be more standard
across architectures. The problem was as I stated, and the fix I presented
is the best one.


** Sent via the linuxppc-embedded mail list. See

More information about the Linuxppc-embedded mailing list