[PATCH] FRV: Fix mmap2 error handling

[PATCH] FRV: Fix mmap2 error handling

[David Howells]

Fix the error handling in sys_mmap2().  Currently, if the pgoff check fails,
fput() might have to be called (which it isn't), so do the pgoff check first,
before fget() is called.

Signed-off-by: David Howells <dhowells@redhat.com>
---

 arch/frv/kernel/sys_frv.c |   17 ++++++++---------
 1 files changed, 8 insertions(+), 9 deletions(-)


diff --git a/arch/frv/kernel/sys_frv.c b/arch/frv/kernel/sys_frv.c
index 49b2cf2..baadc97 100644
--- a/arch/frv/kernel/sys_frv.c
+++ b/arch/frv/kernel/sys_frv.c
@@ -35,22 +35,21 @@ asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
 	int error = -EBADF;
 	struct file * file = NULL;
 
-	flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
-	if (!(flags & MAP_ANONYMOUS)) {
-		file = fget(fd);
-		if (!file)
-			goto out;
-	}
-
 	/* As with sparc32, make sure the shift for mmap2 is constant
 	   (12), no matter what PAGE_SIZE we have.... */
 
 	/* But unlike sparc32, don't just silently break if we're
 	   trying to map something we can't */
-	if (pgoff & ((1<<(PAGE_SHIFT-12))-1))
+	if (pgoff & ((1 << (PAGE_SHIFT - 12)) - 1))
 		return -EINVAL;
+	pgoff >>= PAGE_SHIFT - 12;
 
-	pgoff >>= (PAGE_SHIFT - 12);
+	flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
+	if (!(flags & MAP_ANONYMOUS)) {
+		file = fget(fd);
+		if (!file)
+			goto out;
+	}
 
 	down_write(&current->mm->mmap_sem);
 	error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);

Re: [PATCH] FRV: Fix mmap2 error handling

[Matthew Wilcox]

On Thu, Nov 27, 2008 at 03:12:38PM +0000, David Howells wrote:
> Fix the error handling in sys_mmap2().  Currently, if the pgoff check fails,
> fput() might have to be called (which it isn't), so do the pgoff check first,
> before fget() is called.

*sigh*.

My reaction was "Why do we have sys_mmap2 in every architecture?"  So I
started looking.  Oh dear, oh dear oh dear.

FRV:
        /* As with sparc32, make sure the shift for mmap2 is constant
           (12), no matter what PAGE_SIZE we have.... */
ia64:
Just uses PAGE_SIZE (currently supported values: 4k, 8k, 16k and 64k).

So what is poor userspace to do?  Check which architecture it's on and
figure out what PAGE_SIZE to use for mmap2 based on that?


How about we introduce a sys_mmap6() in common code which takes 'off'
in multiples of 4k.  Then FRV and other sane architectures can replace
their sys_mmap2 entries in their syscall tables with sys_mmap6.  ia64 has
to keep its insane sys_mmap2 entry, but it can add a sys_mmap6 entry too.

-- 
Matthew Wilcox				Intel Open Source Technology Centre
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours.  We can't possibly take such
a retrograde step."

Re: [PATCH] FRV: Fix mmap2 error handling

[Matthew Wilcox]

On Thu, Nov 27, 2008 at 03:12:38PM +0000, David Howells wrote:
> Fix the error handling in sys_mmap2().  Currently, if the pgoff check fails,
> fput() might have to be called (which it isn't), so do the pgoff check first,
> before fget() is called.

*sigh*.

My reaction was "Why do we have sys_mmap2 in every architecture?"  So I
started looking.  Oh dear, oh dear oh dear.

FRV:
        /* As with sparc32, make sure the shift for mmap2 is constant
           (12), no matter what PAGE_SIZE we have.... */
ia64:
Just uses PAGE_SIZE (currently supported values: 4k, 8k, 16k and 64k).

So what is poor userspace to do?  Check which architecture it's on and
figure out what PAGE_SIZE to use for mmap2 based on that?


How about we introduce a sys_mmap6() in common code which takes 'off'
in multiples of 4k.  Then FRV and other sane architectures can replace
their sys_mmap2 entries in their syscall tables with sys_mmap6.  ia64 has
to keep its insane sys_mmap2 entry, but it can add a sys_mmap6 entry too.

-- 
Matthew Wilcox				Intel Open Source Technology Centre
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours.  We can't possibly take such
a retrograde step."

[PATCH] FRV: Fix mmap2 error handling

[David Howells]

Fix the error handling in sys_mmap2().  Currently, if the pgoff check fails,
fput() might have to be called (which it isn't), so do the pgoff check first,
before fget() is called.

Reported-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 arch/frv/kernel/sys_frv.c |   17 ++++++++---------
 1 files changed, 8 insertions(+), 9 deletions(-)


diff --git a/arch/frv/kernel/sys_frv.c b/arch/frv/kernel/sys_frv.c
index 49b2cf2..baadc97 100644
--- a/arch/frv/kernel/sys_frv.c
+++ b/arch/frv/kernel/sys_frv.c
@@ -35,22 +35,21 @@ asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
 	int error = -EBADF;
 	struct file * file = NULL;
 
-	flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
-	if (!(flags & MAP_ANONYMOUS)) {
-		file = fget(fd);
-		if (!file)
-			goto out;
-	}
-
 	/* As with sparc32, make sure the shift for mmap2 is constant
 	   (12), no matter what PAGE_SIZE we have.... */
 
 	/* But unlike sparc32, don't just silently break if we're
 	   trying to map something we can't */
-	if (pgoff & ((1<<(PAGE_SHIFT-12))-1))
+	if (pgoff & ((1 << (PAGE_SHIFT - 12)) - 1))
 		return -EINVAL;
+	pgoff >>= PAGE_SHIFT - 12;
 
-	pgoff >>= (PAGE_SHIFT - 12);
+	flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
+	if (!(flags & MAP_ANONYMOUS)) {
+		file = fget(fd);
+		if (!file)
+			goto out;
+	}
 
 	down_write(&current->mm->mmap_sem);
 	error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);

[PATCH] FRV: Fix mmap2 error handling

[David Howells]

Fix the error handling in sys_mmap2().  Currently, if the pgoff check fails,
fput() might have to be called (which it isn't), so do the pgoff check first,
before fget() is called.

Reported-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 arch/frv/kernel/sys_frv.c |   17 ++++++++---------
 1 files changed, 8 insertions(+), 9 deletions(-)


diff --git a/arch/frv/kernel/sys_frv.c b/arch/frv/kernel/sys_frv.c
index 49b2cf2..baadc97 100644
--- a/arch/frv/kernel/sys_frv.c
+++ b/arch/frv/kernel/sys_frv.c
@@ -35,22 +35,21 @@ asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
 	int error = -EBADF;
 	struct file * file = NULL;
 
-	flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
-	if (!(flags & MAP_ANONYMOUS)) {
-		file = fget(fd);
-		if (!file)
-			goto out;
-	}
-
 	/* As with sparc32, make sure the shift for mmap2 is constant
 	   (12), no matter what PAGE_SIZE we have.... */
 
 	/* But unlike sparc32, don't just silently break if we're
 	   trying to map something we can't */
-	if (pgoff & ((1<<(PAGE_SHIFT-12))-1))
+	if (pgoff & ((1 << (PAGE_SHIFT - 12)) - 1))
 		return -EINVAL;
+	pgoff >>= PAGE_SHIFT - 12;
 
-	pgoff >>= (PAGE_SHIFT - 12);
+	flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
+	if (!(flags & MAP_ANONYMOUS)) {
+		file = fget(fd);
+		if (!file)
+			goto out;
+	}
 
 	down_write(&current->mm->mmap_sem);
 	error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);