[PATCH] msync: fix return value

msync() does a strange thing. Essentially: vma = find_vma(); for ( ; ; ) { if (!vma) return -ENOMEM; ... vma = vma->vm_next; } so an msync() request which starts within or before a valid VMA and which ends within or beyond the final VMA will incorrectly return -ENOMEM. Fix. Cc: Hugh Dickins <hugh@veritas.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] msync: fix return value
msync() does a strange thing. Essentially: vma = find_vma(); for ( ; ; ) { if (!vma) return -ENOMEM; ... vma = vma->vm_next; } so an msync() request which starts within or before a valid VMA and which ends within or beyond the final VMA will incorrectly return -ENOMEM. Fix. Cc: Hugh Dickins <hugh@veritas.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton · Linus Torvalds
1 parent 707c21c848
Showing 1 changed file with 7 additions and 7 deletions Side-by-side Diff
mm/msync.c
@@ -146,7 +146,8 @@
 {
 	unsigned long end;
 	struct vm_area_struct *vma;
-	int unmapped_error, error = -EINVAL;
+	int unmapped_error = 0;
+	int error = -EINVAL;
 	int done = 0;
  
 	if (flags & ~(MS_ASYNC | MS_INVALIDATE | MS_SYNC))
  
@@ -171,15 +172,14 @@
 	if (flags & MS_SYNC)
 		current->flags |= PF_SYNCWRITE;
 	vma = find_vma(current->mm, start);
-	unmapped_error = 0;
+	if (!vma) {
+		error = -ENOMEM;
+		goto out_unlock;
+	}
 	do {
 		unsigned long nr_pages_dirtied = 0;
 		struct file *file;
  
-		/* Still start < end. */
-		error = -ENOMEM;
-		if (!vma)
-			goto out_unlock;
 		/* Here start < vma->vm_end. */
 		if (start < vma->vm_start) {
 			unmapped_error = -ENOMEM;
@@ -239,7 +239,7 @@
 		} else {
 			vma = vma->vm_next;
 		}
-	} while (!done);
+	} while (vma && !done);
 out_unlock:
 	current->flags &= ~PF_SYNCWRITE;
 	up_read(&current->mm->mmap_sem);
...	...	@@ -146,7 +146,8 @@
146	146	{
147	147	unsigned long end;
148	148	struct vm_area_struct *vma;
149		- int unmapped_error, error = -EINVAL;
	149	+ int unmapped_error = 0;
	150	+ int error = -EINVAL;
150	151	int done = 0;
151	152
152	153	if (flags & ~(MS_ASYNC \| MS_INVALIDATE \| MS_SYNC))
153	154
...	...	@@ -171,15 +172,14 @@
171	172	if (flags & MS_SYNC)
172	173	current->flags \|= PF_SYNCWRITE;
173	174	vma = find_vma(current->mm, start);
174		- unmapped_error = 0;
	175	+ if (!vma) {
	176	+ error = -ENOMEM;
	177	+ goto out_unlock;
	178	+ }
175	179	do {
176	180	unsigned long nr_pages_dirtied = 0;
177	181	struct file *file;
178	182
179		- /* Still start < end. */
180		- error = -ENOMEM;
181		- if (!vma)
182		- goto out_unlock;
183	183	/* Here start < vma->vm_end. */
184	184	if (start < vma->vm_start) {
185	185	unmapped_error = -ENOMEM;
...	...	@@ -239,7 +239,7 @@
239	239	} else {
240	240	vma = vma->vm_next;
241	241	}
242		- } while (!done);
	242	+ } while (vma && !done);
243	243	out_unlock:
244	244	current->flags &= ~PF_SYNCWRITE;
245	245	up_read(&current->mm->mmap_sem);