Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 2237

kernel-2.6.18-238.el5.src.rpm

From: Danny Feng <dfeng@redhat.com>
Date: Fri, 29 Jan 2010 09:26:04 -0500
Subject: [mm] kill ancient cruft in s390 compat mmap
Message-id: <20100129092616.4587.206.sendpatchset@dhcp-65-180.nay.redhat.com>
Patchwork-id: 22992
O-Subject: [PATCH RHEL5.5 7/12 BZ556710 CVE-2010-0291] Kill ancient crap in s390
	compat mmap
Bugzilla: 556710
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Larry Woodman <lwoodman@redhat.com>

backport of upstream commit 570dcf2c15463842e384eb597a87c1e39bead99b

Subject: [PATCH] Kill ancient crap in s390 compat mmap

We've had TASK_SIZE set to 1<<31 for 31bit tasks since May 2004.
Before that old32_mmap() had to deal with do_mmap_pgoff() giving
it an address out of range.  It had tried to do that by checking
return value and doing do_munmap() (at wrong address, BTW).

IOW, that code had been dead for 5.5 years (and bogus - for 8).
Kill.

Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
index e41ba9f..f31d32e 100644
--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -890,11 +890,6 @@ static inline long do_mmap2(
 
 	down_write(&current->mm->mmap_sem);
 	error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
-	if (!IS_ERR((void *) error) && error + len >= 0x80000000ULL) {
-		/* Result is out of bounds.  */
-		do_munmap(current->mm, addr, len);
-		error = -ENOMEM;
-	}
 	up_write(&current->mm->mmap_sem);
 
 	if (file)