<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">
From: Chris Wright &lt;chrisw@osdl.org&gt;

Always use page counts when doing RLIMIT_MEMLOCK checking to avoid possible
overflow.

Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
---

 mm/mmap.c |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff -puN mm/mmap.c~rlimit_memlock-checking-fix mm/mmap.c
--- 25/mm/mmap.c~rlimit_memlock-checking-fix	2005-04-27 00:01:36.326944320 -0700
+++ 25-akpm/mm/mmap.c	2005-04-27 00:01:36.330943712 -0700
@@ -937,9 +937,10 @@ unsigned long do_mmap_pgoff(struct file 
 	/* mlock MCL_FUTURE? */
 	if (vm_flags &amp; VM_LOCKED) {
 		unsigned long locked, lock_limit;
-		locked = mm-&gt;locked_vm &lt;&lt; PAGE_SHIFT;
+		locked = len &gt;&gt; PAGE_SHIFT;
+		locked += mm-&gt;locked_vm;
 		lock_limit = current-&gt;signal-&gt;rlim[RLIMIT_MEMLOCK].rlim_cur;
-		locked += len;
+		lock_limit &gt;&gt;= PAGE_SHIFT;
 		if (locked &gt; lock_limit &amp;&amp; !capable(CAP_IPC_LOCK))
 			return -EAGAIN;
 	}
@@ -1822,9 +1823,10 @@ unsigned long do_brk(unsigned long addr,
 	 */
 	if (mm-&gt;def_flags &amp; VM_LOCKED) {
 		unsigned long locked, lock_limit;
-		locked = mm-&gt;locked_vm &lt;&lt; PAGE_SHIFT;
+		locked = len &gt;&gt; PAGE_SHIFT;
+		locked += mm-&gt;locked_vm;
 		lock_limit = current-&gt;signal-&gt;rlim[RLIMIT_MEMLOCK].rlim_cur;
-		locked += len;
+		lock_limit &gt;&gt;= PAGE_SHIFT;
 		if (locked &gt; lock_limit &amp;&amp; !capable(CAP_IPC_LOCK))
 			return -EAGAIN;
 	}
_
</pre></body></html>