From: Guy Streeter Date: Tue, 8 May 2007 07:25:12 +0000 (-0700) Subject: Cap shmmax at INT_MAX in compat shminfo X-Git-Tag: firefly_0821_release~29919 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=af7c693f146069a1f44739acef9abf1bc27f7247;p=firefly-linux-kernel-4.4.55.git Cap shmmax at INT_MAX in compat shminfo The value of shmmax may be larger than will fit in the struct used by the 32bit compat version of sys_shmctl. This change mirrors what the normal sys_shmctl does when called with the old IPC_INFO command. Signed-off-by: Guy Streeter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/ipc/compat.c b/ipc/compat.c index fa18141539fb..8b44aa9a7c95 100644 --- a/ipc/compat.c +++ b/ipc/compat.c @@ -542,6 +542,8 @@ static inline int put_compat_shminfo64(struct shminfo64 *smi, if (!access_ok(VERIFY_WRITE, up64, sizeof(*up64))) return -EFAULT; + if (smi->shmmax > INT_MAX) + smi->shmmax = INT_MAX; err = __put_user(smi->shmmax, &up64->shmmax); err |= __put_user(smi->shmmin, &up64->shmmin); err |= __put_user(smi->shmmni, &up64->shmmni); @@ -557,6 +559,8 @@ static inline int put_compat_shminfo(struct shminfo64 *smi, if (!access_ok(VERIFY_WRITE, up, sizeof(*up))) return -EFAULT; + if (smi->shmmax > INT_MAX) + smi->shmmax = INT_MAX; err = __put_user(smi->shmmax, &up->shmmax); err |= __put_user(smi->shmmin, &up->shmmin); err |= __put_user(smi->shmmni, &up->shmmni);