From 6da2d377bba06c29d0bc41c8dee014164dec82a7 Mon Sep 17 00:00:00 2001 From: Ian Abbott Date: Tue, 24 Feb 2009 17:22:59 +0000 Subject: UIO: Take offset into account when determining number of pages that can be mapped If a UIO memory region does not start on a page boundary but straddles one, the number of actual pages that overlap the memory region may be calculated incorrectly because the offset isn't taken into account. If userspace sets the mmap length to offset+size, it may fail with -EINVAL if UIO thinks it's trying to allocate too many pages. Signed-off-by: Ian Abbott Cc: Hans J. Koch Signed-off-by: Greg Kroah-Hartman --- drivers/uio/uio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c index 68a496557788..03efb065455f 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -708,7 +708,8 @@ static int uio_mmap(struct file *filep, struct vm_area_struct *vma) return -EINVAL; requested_pages = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; - actual_pages = (idev->info->mem[mi].size + PAGE_SIZE -1) >> PAGE_SHIFT; + actual_pages = ((idev->info->mem[mi].addr & ~PAGE_MASK) + + idev->info->mem[mi].size + PAGE_SIZE -1) >> PAGE_SHIFT; if (requested_pages > actual_pages) return -EINVAL; -- cgit v1.2.3