From: Johannes Weiner
Date: Mon, 28 Apr 2008 09:11:47 +0000 (-0700)
Subject: mm: fix possible off-by-one in walk_pte_range()
X-Git-Tag: MMI-PSA29.97-13-9~35494
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=556637cdabcd5918c7d4a1a2679b8f86fc81e891;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git

mm: fix possible off-by-one in walk_pte_range()

After the loop in walk_pte_range() pte might point to the first address after the pmd it walks. The pte_unmap() is then applied to something bad.

Spotted by Roel Kluin and Andreas Schwab.

Signed-off-by: Johannes Weiner
Cc: Roel Kluin <12o3l@tiscali.nl>
Cc: Andreas Schwab
Acked-by: Matt Mackall
Acked-by: Mikael Pettersson
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
diff --git a/mm/pagewalk.c b/mm/pagewalk.c index 1cf1417ef8b7..0afd2387e507 100644 --- a/mm/pagewalk.c +++ b/mm/pagewalk.c @@ -9,11 +9,15 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, int err = 0; pte = pte_offset_map(pmd, addr); - do { + for (;;) { err = walk->pte_entry(pte, addr, addr + PAGE_SIZE, private); if (err) break; - } while (pte++, addr += PAGE_SIZE, addr != end); + addr += PAGE_SIZE; + if (addr == end) + break; + pte++; + } pte_unmap(pte); return err;
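Review bot: in the new `for (;;)` loop in walk_pte_range(), the fix depends entirely on `pte++` coming after the `if (addr == end) break;` check, and nothing in the code records that. A later cleanup could fold the increment back into a `do { } while` condition and reintroduce the out-of-range pointer passed to `pte_unmap(pte)`. Please add a one-line comment above `pte++` saying that pte must not be advanced past the last entry because it is handed to pte_unmap(), or keep the value returned by `pte_offset_map(pmd, addr)` in a separate variable and unmap that, which makes the invariant structural. Separately, the exit test is still the equality `addr == end`, so termination relies on `end - addr` being a multiple of PAGE_SIZE on entry. That assumption is worth stating in a comment on the function, since a mismatch would step `pte` beyond the table without ever hitting the break.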