Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 2204

kernel-2.6.18-238.el5.src.rpm

From: Danny Feng <dfeng@redhat.com>
Date: Fri, 29 Jan 2010 09:25:56 -0500
Subject: [mm] fix pgoff in have to relocate case of mremap
Message-id: <20100129092608.4587.87864.sendpatchset@dhcp-65-180.nay.redhat.com>
Patchwork-id: 22991
O-Subject: [PATCH RHEL5.5 6/12 BZ556710 CVE-2010-0291] fix pgoff in "have to
	relocate" case of mremap()
Bugzilla: 556710
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Larry Woodman <lwoodman@redhat.com>

backport of upstream commit 935874141df839c706cd6cdc438e85eb69d1525e

Subject: [PATCH] fix pgoff in "have to relocate" case of mremap()

Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/mm/mremap.c b/mm/mremap.c
index 75e9832..6230afd 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -478,7 +478,9 @@ unsigned long do_mremap(unsigned long addr,
 			map_flags |= MAP_SHARED;
 
 		new_addr = get_unmapped_area(vma->vm_file, 0, new_len,
-					vma->vm_pgoff, map_flags);
+					vma->vm_pgoff +
+					((addr - vma->vm_start) >> PAGE_SHIFT),
+					map_flags);
 		if (new_addr & ~PAGE_MASK) {
 			ret = new_addr;
 			goto out;