mmap wrapping around to 0 revisited

David Ashley dash at xdr.com
Wed Mar 6 11:06:42 EST 2002


>Wrong fix.  sys_mmap on ppc should really be using do_mmap which already
>includes the cast to unsigned long and checks for overflow.  Arguably,
>it could well check for -'ve offsets and reject them, but traditionally
>Linux has accepted up to 4GB offsets with its 32 bit APIs and changing
>this would break a few things like X.
>
>                -ben


In older versions (like 2.4.2-hhl) the sys_mmap did go through do_mmap, but
for some reason that was changed. The do_mmap itself is broken; the check
for overflow is like this:
	if ((offset + PAGE_ALIGN(len)) < offset)
		goto out;

It should be:
	if ((offset + PAGE_ALIGN(len)-1) < offset)
		goto out;

So: changing sys_mmap to go through do_mmap won't fix the problem unless
the above fix is done to do_mmap.

do_mmap appears to be defunct, and the new method seems to be more standard
across architectures. The problem was as I stated, and the fix I presented
is the best one.

-Dave

** Sent via the linuxppc-embedded mail list. See http://lists.linuxppc.org/
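
The two overflow checks from the thread, modelled in plain C as an added illustration (not code from the thread or from the kernel): both are evaluated in 32-bit unsigned arithmetic, as on ppc32 where unsigned long is 32 bits, and PAGE_SIZE is assumed to be 4096. The constructed cases show where the two checks differ: a mapping whose end lands exactly on 0 (the last page below 4GB) is rejected by the original check and accepted by the corrected one, while a mapping that wraps past 0 is rejected by both.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit model of the kernel macros; PAGE_SIZE of 4096 is an assumption. */
#define PAGE_SIZE        4096u
#define PAGE_MASK        (~(PAGE_SIZE - 1))
#define PAGE_ALIGN(addr) (((addr) + PAGE_SIZE - 1) & PAGE_MASK)

/* Original do_mmap check: rejects when the end address itself wraps. */
int old_check_rejects(uint32_t offset, uint32_t len)
{
    return (uint32_t)(offset + PAGE_ALIGN(len)) < offset;
}

/* Corrected check from the thread: compares the mapping's last byte. */
int new_check_rejects(uint32_t offset, uint32_t len)
{
    return (uint32_t)(offset + PAGE_ALIGN(len) - 1) < offset;
}

/* Constructed sample requests: {offset, len}. */
static const uint32_t cases[][2] = {
    { 0x00000000u, 0x1000u },  /* ordinary first page: both accept   */
    { 0xFFFFF000u, 0x1000u },  /* last page, end wraps to exactly 0  */
    { 0xFFFFF000u, 0x0FFFu },  /* same page after PAGE_ALIGN(len)    */
    { 0xFFFFF000u, 0x2000u },  /* genuinely wraps past 0: both reject */
};

int main(void)
{
    size_t i;
    printf("  offset      len   old-check   new-check\n");
    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t off = cases[i][0], len = cases[i][1];
        printf("0x%08x 0x%06x   %-9s   %-9s\n", off, len,
               old_check_rejects(off, len) ? "reject" : "accept",
               new_check_rejects(off, len) ? "reject" : "accept");
    }
    return 0;
}
```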