mm: fix possible off-by-one in walk_pte_range() After the loop in walk_pte_range() pte might point to the first address after the pmd it walks. The pte_unmap() is then applied to something bad. Spotted by Roel Kluin and Andreas Schwab. Signed-off-by: Johannes Weiner <[email protected]> Cc: Roel Kluin <[email protected]> Cc: Andreas Schwab <[email protected]> Acked-by: Matt Mackall <[email protected]> Acked-by: Mikael Pettersson <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>

commit: 556637cdabcd5918c7d4a1a2679b8f86fc81e891 [log] [tgz]
author: Johannes Weiner <[email protected]> Mon Apr 28 02:11:47 2008 -0700
committer: Linus Torvalds <[email protected]> Mon Apr 28 08:58:16 2008 -0700
tree: a5bb95b50e88535966af3ad49017196b757fca64
parent: f022bfd58253099102218db5249220a7f4787114 [diff] [blame]
diff --git a/mm/pagewalk.c b/mm/pagewalk.c
index 1cf1417..0afd238 100644
--- a/mm/pagewalk.c
+++ b/mm/pagewalk.c

@@ -9,11 +9,15 @@
 	int err = 0;
 
 	pte = pte_offset_map(pmd, addr);
-	do {
+	for (;;) {
 		err = walk->pte_entry(pte, addr, addr + PAGE_SIZE, private);
 		if (err)
 		       break;
-	} while (pte++, addr += PAGE_SIZE, addr != end);
+		addr += PAGE_SIZE;
+		if (addr == end)
+			break;
+		pte++;
+	}
 
 	pte_unmap(pte);
 	return err;
commit	556637cdabcd5918c7d4a1a2679b8f86fc81e891	[log] [tgz]
author	Johannes Weiner <[email protected]>	Mon Apr 28 02:11:47 2008 -0700
committer	Linus Torvalds <[email protected]>	Mon Apr 28 08:58:16 2008 -0700
tree	a5bb95b50e88535966af3ad49017196b757fca64
parent	f022bfd58253099102218db5249220a7f4787114 [diff] [blame]