git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ipc/shm: fix shmat() nil address after round-down when remapping
[sfrench/cifs-2.6.git] / ipc / shm.c
diff --git a/ipc/shm.c b/ipc/shm.c
index 930be3aa80cf7e69e49b730a07e794c0d0a0feee..d73269381ec7ed831eaa65e544aa8b5ab4e504dd 100644 (file)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1363,9 +1363,17 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg,
 
        if (addr) {
                if (addr & (shmlba - 1)) {
 
        if (addr) {
                if (addr & (shmlba - 1)) {
-                       if (shmflg & SHM_RND)
+                       if (shmflg & SHM_RND) {
                                addr &= ~(shmlba - 1);  /* round down */
                                addr &= ~(shmlba - 1);  /* round down */
-                       else
+
+                               /*
+                                * Ensure that the round-down is non-nil
+                                * when remapping. This can happen for
+                                * cases when addr < shmlba.
+                                */
+                               if (!addr && (shmflg & SHM_REMAP))
+                                       goto out;
+                       } else
 #ifndef __ARCH_FORCE_SHMLBA
                                if (addr & ~PAGE_MASK)
 #endif
 #ifndef __ARCH_FORCE_SHMLBA
                                if (addr & ~PAGE_MASK)
 #endif
Unnamed repository; edit this file 'description' to name the repository.