mm/memory.c: fail when offset == num in first check of __vm_map_pages()
authorMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Fri, 12 Jul 2019 03:58:47 +0000 (20:58 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Fri, 12 Jul 2019 18:05:46 +0000 (11:05 -0700)
If the caller asks us for offset == num, we should already fail in the
first check, i.e.  the one testing for offsets beyond the object.

At the moment, we are failing on the second test anyway, since count
cannot be 0.  Still, to agree with the comment of the first test, we
should first test it there.

Link: http://lkml.kernel.org/r/20190528193004.GA7744@gmail.com
Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Souptick Joarder <jrdr.linux@gmail.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
Cc: Huang Ying <ying.huang@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mm/memory.c

index 0428ff5ee33903cbf55650e54a1792a450914e03..ad4bf1a1a0efb4d41ad2b186c1d38af0a7625b64 100644 (file)
@@ -1545,7 +1545,7 @@ static int __vm_map_pages(struct vm_area_struct *vma, struct page **pages,
        int ret, i;
 
        /* Fail if the user requested offset is beyond the end of the object */
-       if (offset > num)
+       if (offset >= num)
                return -ENXIO;
 
        /* Fail if the user requested size exceeds available object size */