diff options
| author | Colin Cross <ccross@android.com> | 2014-08-05 12:05:17 -0700 |
|---|---|---|
| committer | Daniel Rosenberg <drosen@google.com> | 2015-01-06 13:30:43 -0800 |
| commit | 22fbf70bdbd8f5743c6548f3b7807dc84fa80f13 (patch) | |
| tree | 6b2d1bb650be5d1eee3337b624efb20d770a52d6 /kernel | |
| parent | 36f7e414003343a6967e4dcb474efc7f80050110 (diff) | |
mm: fix prctl_set_vma_anon_name
prctl_set_vma_anon_name could attempt to set the name across
two vmas at the same time due to a typo, which might corrupt
the vma list. Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.
Change-Id: Ie32d8ddb0fd547efbeedd6528acdab5ca5b308b4
Reported-by: Jed Davis <jld@mozilla.com>
Signed-off-by: Colin Cross <ccross@android.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/sys.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sys.c b/kernel/sys.c index 95f045110316..62509f1738c2 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1921,7 +1921,7 @@ static int prctl_set_vma_anon_name(unsigned long start, unsigned long end, tmp = end; /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ - error = prctl_update_vma_anon_name(vma, &prev, start, end, + error = prctl_update_vma_anon_name(vma, &prev, start, tmp, (const char __user *)arg); if (error) return error; |