On 1/3/19 5:59 PM, Roman Penyaev wrote: > area->size can include adjacent guard page but get_vm_area_size() > returns actual size of the area. > > This fixes possible kernel crash when userspace tries to map area > on 1 page bigger: size check passes but the following vmalloc_to_page() > returns NULL on last guard (non-existing) page. > > Signed-off-by: Roman Penyaev <[email protected]> > Cc: Andrew Morton <[email protected]> > Cc: Michal Hocko <[email protected]> > Cc: Andrey Ryabinin <[email protected]> > Cc: Joe Perches <[email protected]> > Cc: "Luis R. Rodriguez" <[email protected]> > Cc: [email protected] > Cc: [email protected] > Cc: [email protected] > --- Fixes: e69e9d4aee71 ("vmalloc: introduce remap_vmalloc_range_partial") Acked-by: Andrey Ryabinin <[email protected]>
