[PATCH] fs/namespace.c:dup_namespace(): fix a use after free
1 /*
2 * linux/mm/mincore.c
4 * Copyright (C) 1994-1999 Linus Torvalds
5 */
7 /*
8 * The mincore() system call.
9 */
10 #include <linux/slab.h>
11 #include <linux/pagemap.h>
12 #include <linux/mm.h>
13 #include <linux/mman.h>
14 #include <linux/syscalls.h>
16 #include <asm/uaccess.h>
17 #include <asm/pgtable.h>
/*
 * Later we can get more picky about what "in core" means precisely.
 * For now, simply check to see if the page is in the page cache,
 * and is up to date; i.e. that no page-in operation would be required
 * at this time if an application were to map and access this page.
 */
/*
 * Report whether the page at file offset @pgoff of the mapping behind @vma
 * is present in the page cache and up to date.
 *
 * @vma->vm_file is dereferenced unconditionally, so the caller must only
 * pass file-backed vmas.  The value returned is whatever PageUptodate()
 * yields, truncated to unsigned char; zero means "not resident".
 *
 * The result is only a snapshot: the page can be evicted or brought in
 * again as soon as the reference taken here is dropped.
 */
static unsigned char mincore_page(struct vm_area_struct * vma,
	unsigned long pgoff)
{
	struct page *pg = find_get_page(vma->vm_file->f_mapping, pgoff);
	unsigned char resident;

	/* Nothing cached at this offset: a page-in would be required. */
	if (!pg)
		return 0;

	resident = PageUptodate(pg);
	/* Balance the lookup above before returning (presumably a refcount drop). */
	page_cache_release(pg);

	return resident;
}
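/*
 * Fill the kernel buffer @vec with one residency byte per page, for at most
 * @pages pages of @vma beginning at user address @addr.
 *
 * The caller holds mmap_sem for reading and guarantees
 * vma->vm_start <= addr < vma->vm_end, with @addr page aligned and
 * @pages >= 1.  Nothing here touches user memory, so no page fault can be
 * taken while the semaphore is held.
 *
 * Returns the number of entries written (always >= 1), or -ENOMEM when the
 * vma has no backing file.
 */
static long mincore_vma(struct vm_area_struct * vma,
	unsigned long addr, unsigned long pages, unsigned char * vec)
{
	unsigned long nr, pgoff, i;

	if (!vma->vm_file)
		return -ENOMEM;

	/* Never walk past the end of this vma. */
	nr = (vma->vm_end - addr) >> PAGE_SHIFT;
	if (nr > pages)
		nr = pages;

	/* Translate the user address into a page offset within the file. */
	pgoff = ((addr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;

	for (i = 0; i < nr; i++)
		vec[i] = mincore_page(vma, pgoff + i);

	return nr;
}

/*
 * The mincore(2) system call.
 *
 * mincore() returns the memory residency status of the pages in the
 * current process's address space specified by [addr, addr + len).
 * The status is returned in a vector of bytes.  The least significant
 * bit of each byte is 1 if the referenced page is in memory, otherwise
 * it is zero.
 *
 * Because the status of a page can change after mincore() checks it
 * but before it returns to the application, the returned vector may
 * contain stale information.  Only locked pages are guaranteed to
 * remain in memory.
 *
 * return values:
 *  zero    - success
 *  -EFAULT - vec points to an illegal address
 *  -EINVAL - addr is not a multiple of PAGE_CACHE_SIZE
 *  -ENOMEM - Addresses in the range [addr, addr + len] are
 *		invalid for the address space of this process, or
 *		specify one or more pages which are not currently
 *		mapped
 *  -EAGAIN - A kernel resource was temporarily unavailable.
 *
 * Locking: the results are gathered into a kernel page while mmap_sem is
 * held for reading, and copied to user space only after it has been
 * released.  copy_to_user() can fault, and the fault path takes mmap_sem
 * for reading again; if a writer queued up in between, that nested
 * acquisition would wait behind the writer while the writer waits for us.
 * Any thread sharing the mm could provoke that, so the copy must never
 * happen under the semaphore.
 *
 * The bounce page is now allocated before the address space is examined,
 * so -EAGAIN can be reported for a range that would otherwise have
 * produced -ENOMEM.
 */
asmlinkage long sys_mincore(unsigned long start, size_t len,
	unsigned char __user * vec)
{
	unsigned long addr, end, limit;
	struct vm_area_struct * vma;
	unsigned char * tmp;
	size_t max;
	long unmapped_error = 0;
	long error = 0;

	/* check the arguments */
	if (start & ~PAGE_CACHE_MASK)
		return -EINVAL;

	limit = TASK_SIZE;
	if (start >= limit)
		return -ENOMEM;

	if (!len)
		return 0;

	max = limit - start;
	len = PAGE_CACHE_ALIGN(len);
	/* !len catches PAGE_CACHE_ALIGN() wrapping to zero. */
	if (len > max || !len)
		return -ENOMEM;

	/* Cannot overflow: len <= TASK_SIZE - start. */
	end = start + len;

	/* One output byte per page of the queried range. */
	if (!access_ok(VERIFY_WRITE, vec, len >> PAGE_SHIFT))
		return -EFAULT;

	tmp = (unsigned char *) __get_free_page(GFP_KERNEL);
	if (!tmp)
		return -EAGAIN;

	/*
	 * If the interval [start,end) covers some unmapped address
	 * ranges, just ignore them, but return -ENOMEM at the end.
	 *
	 * The lock is dropped between chunks, so the layout may change
	 * under us; that is no worse than the staleness described above.
	 */
	addr = start;
	while (addr < end) {
		unsigned long pages;
		long nr;

		down_read(&current->mm->mmap_sem);

		vma = find_vma(current->mm, addr);
		if (!vma || vma->vm_start >= end) {
			/* nothing is mapped in the rest of the range */
			up_read(&current->mm->mmap_sem);
			unmapped_error = -ENOMEM;
			break;
		}

		/* Here addr < vma->vm_end. */
		if (addr < vma->vm_start) {
			/* skip the hole, but remember that we saw one */
			unmapped_error = -ENOMEM;
			addr = vma->vm_start;
		}

		/*
		 * Here vma->vm_start <= addr < vma->vm_end and addr < end.
		 * The bounce buffer is one page of bytes, i.e. it holds the
		 * status of at most PAGE_SIZE pages per iteration.
		 */
		pages = (end - addr) >> PAGE_SHIFT;
		if (pages > PAGE_SIZE)
			pages = PAGE_SIZE;

		nr = mincore_vma(vma, addr, pages, tmp);
		up_read(&current->mm->mmap_sem);

		if (nr < 0) {
			error = nr;
			break;
		}

		/*
		 * Only the nr bytes just written are copied out, so no stale
		 * contents of the bounce page reach user space.  The offset
		 * into vec is derived from the address in unsigned long
		 * arithmetic: it cannot be truncated on large ranges and it
		 * stays aligned with the queried pages across holes.
		 */
		if (copy_to_user(vec + ((addr - start) >> PAGE_SHIFT),
				 tmp, nr)) {
			error = -EFAULT;
			break;
		}

		addr += (unsigned long) nr << PAGE_SHIFT;
	}

	free_page((unsigned long) tmp);

	/* A hard error wins over "part of the range was unmapped". */
	return error ? error : unmapped_error;
}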