From: "Liam R. Howlett" <Liam.Howlett@Oracle.com>
mainline inclusion
from mainline-v5.15-rc1
commit 9b593cb20283e68e5e65b09ca10038935297f05b
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQSE
CVE: CVE-2024-47745
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Using vma_lookup() verifies the start address is contained in the found vma. This results in easier to read code.
Link: https://lkml.kernel.org/r/20210817135234.1550204-1-Liam.Howlett@oracle.com
Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
---
 mm/mmap.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/mm/mmap.c b/mm/mmap.c index e138fde2e733..116954328072 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3305,14 +3305,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, if (mmap_write_lock_killable(mm)) return -EINTR;
- vma = find_vma(mm, start); + vma = vma_lookup(mm, start);
if (!vma || !(vma->vm_flags & VM_SHARED)) goto out;
- if (start < vma->vm_start) - goto out; - if (start + size > vma->vm_end) { struct vm_area_struct *next;
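Review bot: The commit message should say why a change described as "easier to read code" carries category bugfix and CVE-2024-47745 in the backport header; at the find_vma() to vma_lookup() swap in remap_file_pages the outcome is unchanged, since the deleted `start < vma->vm_start` test and the retained `!vma` test both end in `goto out`. If this patch is a prerequisite for the actual fix, state that in the header and name the dependent patch. Also confirm the target branch already provides vma_lookup(), because the dropped bounds check now depends entirely on that helper returning NULL when start lies in a gap below the found vma.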