summaryrefslogtreecommitdiffstats
path: root/sound/i2c
diff options
context:
space:
mode:
authorRoman Gushchin <klamm@yandex-team.ru>2015-02-12 00:28:42 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2015-02-12 02:06:07 +0100
commit8138a67a5557ffea3a21dfd6f037842d4e748513 (patch)
tree437e800e5cead199af4ac5512e5b42c8ff61900b /sound/i2c
parentmm/mmap.c: fix arithmetic overflow in __vm_enough_memory() (diff)
downloadlinux-8138a67a5557ffea3a21dfd6f037842d4e748513.tar.xz
linux-8138a67a5557ffea3a21dfd6f037842d4e748513.zip
mm/nommu.c: fix arithmetic overflow in __vm_enough_memory()
I noticed that "allowed" can easily overflow by falling below 0, because (total_vm / 32) can be larger than "allowed". The problem occurs in OVERCOMMIT_NONE mode. In this case, a huge allocation can success and overcommit the system (despite OVERCOMMIT_NONE mode). All subsequent allocations will fall (system-wide), so system become unusable. The problem was masked out by commit c9b1d0981fcc ("mm: limit growth of 3% hardcoded other user reserve"), but it's easy to reproduce it on older kernels: 1) set overcommit_memory sysctl to 2 2) mmap() large file multiple times (with VM_SHARED flag) 3) try to malloc() large amount of memory It also can be reproduced on newer kernels, but miss-configured sysctl_user_reserve_kbytes is required. Fix this issue by switching to signed arithmetic here. Signed-off-by: Roman Gushchin <klamm@yandex-team.ru> Cc: Andrew Shewmaker <agshew@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'sound/i2c')
0 files changed, 0 insertions, 0 deletions