summaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorLudwig Nussel <ludwig.nussel@suse.de>2011-11-15 14:46:46 -0800
committerGreg Kroah-Hartman <gregkh@suse.de>2012-01-25 17:24:43 -0800
commit59c43b2c3ef410e585646825ea552507cd51ccb1 (patch)
treea3841562c5bb1ee5aaa3244b3c250528d5c6cdcc /arch
parentea1c62778121f6ece5e0120250716b45e204cb13 (diff)
downloadlwn-59c43b2c3ef410e585646825ea552507cd51ccb1.tar.gz
lwn-59c43b2c3ef410e585646825ea552507cd51ccb1.zip
x86: Fix mmap random address range
commit 9af0c7a6fa860698d080481f24a342ba74b68982 upstream. On x86_32 casting the unsigned int result of get_random_int() to long may result in a negative value. On x86_32 the range of mmap_rnd() therefore was -255 to 255. The 32bit mode on x86_64 used 0 to 255 as intended. The bug was introduced by 675a081 ("x86: unify mmap_{32|64}.c") in January 2008. Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: harvey.harrison@gmail.com Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Link: http://lkml.kernel.org/r/201111152246.pAFMklOB028527@wpaz5.hot.corp.google.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'arch')
-rw-r--r--arch/x86/mm/mmap.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 1dab5194fd9d..f927429d07ca 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -87,9 +87,9 @@ static unsigned long mmap_rnd(void)
*/
if (current->flags & PF_RANDOMIZE) {
if (mmap_is_ia32())
- rnd = (long)get_random_int() % (1<<8);
+ rnd = get_random_int() % (1<<8);
else
- rnd = (long)(get_random_int() % (1<<28));
+ rnd = get_random_int() % (1<<28);
}
return rnd << PAGE_SHIFT;
}