linux/drivers
Cliff Wickman 4191ba26da mspec: handle shrinking virtual memory areas
The shrinking of a virtual memory area that is mmap(2)'d to a memory
special file (device drivers/char/mspec.c) can cause a panic.

If the mapped size of the vma (vm_area_struct) is very large, mspec allocates
a large vma_data structure with vmalloc(). But such a vma can be shrunk by
an munmap(2).  The current driver uses the current size of each vma to
deduce whether its vma_data structure was allocated by kmalloc() or vmalloc().
So if the vma was shrunk it appears to have been allocated by kmalloc(),
and mspec attempts to free it with kfree().  This results in a panic.

This patch avoids the panic (by preserving the type of the allocation) and
also makes mspec work correctly as the vma is split into pieces by the
munmap(2)'s.

All vma's derived from such a split vma share the same vma_data structure that
represents all the pages mapped into this set of vma's.  The mspec driver
must be made capable of using the right portion of the structure for each
member vma.  In other words, it must index into the array of page addresses
using the portion of the array that represents the current vma. This is
enabled by storing the vma group's vm_start in the vma_data structure.

The shared vma_data's are not protected by mm->mmap_sem in the fork() case
so the reference count is left as atomic_t.

Signed-off-by: Cliff Wickman <cpw@sgi.com>
Acked-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-19 11:24:17 -07:00
..
acorn/char Remove the arm26 port 2007-07-31 15:39:39 -07:00
acpi Pull misc into release branch 2007-09-17 00:28:58 -04:00
amba
ata pata_ali/alim15x3: override 80-wire cable detection for Toshiba S1800-814 2007-09-11 22:28:36 +02:00
atm Add some help texts to recently-introduced kconfig items 2007-08-18 09:52:50 -07:00
auxdisplay cfag12864b fix 2007-08-22 19:52:46 -07:00
base CPU online file permission 2007-07-31 15:39:39 -07:00
block Fix "Fix DAC960 driver on machines which don't support 64-bit DMA" 2007-09-19 11:24:16 -07:00
bluetooth [Bluetooth] Add missing stat.byte_rx counter modification 2007-09-09 08:39:27 +02:00
cdrom [BLOCK] Get rid of request_queue_t typedef 2007-07-24 09:28:11 +02:00
char mspec: handle shrinking virtual memory areas 2007-09-19 11:24:17 -07:00
clocksource x86_64: fix typo in acpi_pm.c 2007-07-21 18:37:12 -07:00
connector
cpufreq
crypto Add some help texts to recently-introduced kconfig items 2007-08-18 09:52:50 -07:00
dio
dma [IOAT]: ioatdma needs to to play nice in a multi-dma-client world 2007-08-26 18:35:40 -07:00
edac drivers/edac: fix e752x correct return code 2007-09-11 17:21:19 -07:00
eisa
fc4
firewire firewire: fw-ohci: ignore failure of pci_set_power_state (fix suspend regression) 2007-09-07 18:44:35 +02:00
firmware
hid Add some help texts to recently-introduced kconfig items 2007-08-18 09:52:50 -07:00
hwmon hwmon: End of I/O region off-by-one 2007-09-09 10:38:37 -04:00
i2c i2c-algo-bit: Read block data bugfix 2007-09-09 22:29:14 +02:00
ide pdc202xx_new: PLL detection fix 2007-09-11 22:28:37 +02:00
ieee1394 ieee1394: sbp2: fix sbp2_remove_device for error cases 2007-08-25 18:00:26 +02:00
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2007-08-31 20:40:37 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2007-09-12 07:57:00 -07:00
isdn [ISDN]: Get rid of some pointless allocation casts in common and bsd comp. 2007-08-26 18:35:46 -07:00
kvm KVM: MMU: Fix rare oops on guest context switch 2007-09-14 13:59:55 -07:00
leds
lguest lguest: Fix guest crash when CONFIG_X86_USE_3DNOW=y 2007-09-12 12:19:46 -07:00
macintosh [POWERPC] Fix undefined reference to device_power_up/resume 2007-08-25 16:58:27 +10:00
mca
md Fix kernel buuild with (CONFIG_COMPAT && ! CONFIG_BLOCK) 2007-09-14 13:56:47 -07:00
media V4L/DVB (6188): Avoid a NULL pointer dereference during mpeg_open() 2007-09-14 13:13:42 -03:00
message Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2007-08-06 17:48:34 -07:00
mfd some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
misc Pull thinkpad into release branch 2007-09-17 00:58:40 -04:00
mmc bug in AT91 MCI suspend routines 2007-09-11 17:21:51 +02:00
mtd [MTD] Initialise s_flags in get_sb_mtd_aux() 2007-09-02 18:18:46 +01:00
net Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2007-09-16 21:14:54 -07:00
nubus some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
of Create drivers/of/platform.c 2007-07-20 14:25:51 +10:00
oprofile [CELL] oprofile: add support to OProfile for profiling CELL BE SPUs 2007-07-20 21:42:24 +02:00
parisc serial: add early_serial_setup() back to header file 2007-07-18 08:38:22 -07:00
parport parport_pc locking fix 2007-07-31 15:39:37 -07:00
pci PCI: unhide SMBus on Compaq Deskpro EP 401963-001 motherboard 2007-09-11 04:22:16 -07:00
pcmcia pcmcia: give socket time to power down 2007-07-31 15:39:38 -07:00
pnp PNP: remove SMCf010 quirk 2007-09-11 17:21:19 -07:00
power Don't compile the PMU power driver on 64-bit PowerPC 2007-07-23 12:42:45 +01:00
ps3
rapidio some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
rtc rtc: rtc-ds1553.c should use resource_size_t for base address 2007-09-19 11:24:17 -07:00
s390 Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2007-09-11 07:46:09 -07:00
sbus Videopix Frame Grabber: Fix unreleased lock in vfc_debug() 2007-07-31 15:39:43 -07:00
scsi Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2007-09-11 07:46:09 -07:00
serial fix SERIAL_CORE_CONSOLE driver dependencies 2007-09-11 17:21:27 -07:00
sh some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
sn some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
spi spi_mpc83xx: hang fix 2007-09-11 17:21:19 -07:00
tc zs: move to the serial subsystem 2007-07-18 08:38:22 -07:00
telephony some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
uio UIO: Hilscher CIF card driver 2007-07-18 15:57:16 -07:00
usb Revert "usb-storage: implement autosuspend" 2007-09-13 06:01:24 -07:00
video radeonfb: fix chip definition for Radeon Xpress 200M 0x5975 2007-09-13 08:00:42 -07:00
w1 w1: fix w1_remove_master_device() searching 2007-08-22 19:52:46 -07:00
xen xenbus_xs.c: fix a use-after-free 2007-07-26 11:35:17 -07:00
zorro zorro: Make sysfs config attribute read-only 2007-08-22 19:52:45 -07:00
Kconfig Begin to consolidate of_device.c 2007-07-20 13:39:59 +10:00
Makefile [WATCHDOG] Fix pcwd_init_module crash 2007-07-29 18:58:39 +00:00