Staging: binder: mmap fixes.
authorArve Hjønnevåg <arve@android.com>
Mon, 6 Apr 2009 22:12:55 +0000 (15:12 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 17 Apr 2009 18:06:26 +0000 (11:06 -0700)
Only allow a binder file pointer to be mmapped once. The buffer management
code cannot deal with more then one area.
Also remove leftover mutex_unlock if mmap fails.

Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/staging/android/binder.c

index 39871da7ef91c11f8314c47d36171ccfee3df97e..761f5d6a9cf299fc1a4842309aeb0819dd9b6998 100644 (file)
@@ -2694,6 +2694,12 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma)
        }
        vma->vm_flags = (vma->vm_flags | VM_DONTCOPY) & ~VM_MAYWRITE;
 
+       if (proc->buffer) {
+               ret = -EBUSY;
+               failure_string = "already mapped";
+               goto err_already_mapped;
+       }
+
        area = get_vm_area(vma->vm_end - vma->vm_start, VM_IOREMAP);
        if (area == NULL) {
                ret = -ENOMEM;
@@ -2741,10 +2747,12 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma)
 
 err_alloc_small_buf_failed:
        kfree(proc->pages);
+       proc->pages = NULL;
 err_alloc_pages_failed:
        vfree(proc->buffer);
+       proc->buffer = NULL;
 err_get_vm_area_failed:
-       mutex_unlock(&binder_lock);
+err_already_mapped:
 err_bad_arg:
        printk(KERN_ERR "binder_mmap: %d %lx-%lx %s failed %d\n", proc->pid, vma->vm_start, vma->vm_end, failure_string, ret);
        return ret;