Google Git
Sign in
android / kernel / common / 69bfe2d957d903521d32324190c2754cb073be15^! / .
commit69bfe2d957d903521d32324190c2754cb073be15[log] [tgz]
authorColin Cross <ccross@android.com>Tue Aug 05 12:05:17 2014 -0700
committerColin Cross <ccross@android.com>Tue Aug 12 19:42:56 2014 -0700
tree3aa7576106aab494e6530ccd3b9fe36969636ce1
parent6af84c9aa53ebae9d6ac26df6de87c3fc0960ba0 [diff]
mm: fix prctl_set_vma_anon_name

prctl_set_vma_anon_name could attempt to set the name across
two vmas at the same time due to a typo, which might corrupt
the vma list.  Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.

Change-Id: Ie32d8ddb0fd547efbeedd6528acdab5ca5b308b4
Reported-by: Jed Davis <jld@mozilla.com>
Signed-off-by: Colin Cross <ccross@android.com>

diff --git a/kernel/sys.c b/kernel/sys.c
index f7e7a8b..800c5f2 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c

@@ -1934,7 +1934,7 @@
 			tmp = end;
 
 		/* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */
-		error = prctl_update_vma_anon_name(vma, &prev, start, end,
+		error = prctl_update_vma_anon_name(vma, &prev, start, tmp,
 				(const char __user *)arg);
 		if (error)
 			return error;