From: Danny Feng <dfeng@redhat.com> Date: Fri, 29 Jan 2010 09:26:04 -0500 Subject: [mm] kill ancient cruft in s390 compat mmap Message-id: <20100129092616.4587.206.sendpatchset@dhcp-65-180.nay.redhat.com> Patchwork-id: 22992 O-Subject: [PATCH RHEL5.5 7/12 BZ556710 CVE-2010-0291] Kill ancient crap in s390 compat mmap Bugzilla: 556710 RH-Acked-by: Jarod Wilson <jarod@redhat.com> RH-Acked-by: Larry Woodman <lwoodman@redhat.com> backport of upstream commit 570dcf2c15463842e384eb597a87c1e39bead99b Subject: [PATCH] Kill ancient crap in s390 compat mmap We've had TASK_SIZE set to 1<<31 for 31bit tasks since May 2004. Before that old32_mmap() had to deal with do_mmap_pgoff() giving it an address out of range. It had tried to do that by checking return value and doing do_munmap() (at wrong address, BTW). IOW, that code had been dead for 5.5 years (and bogus - for 8). Kill. Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c index e41ba9f..f31d32e 100644 --- a/arch/s390/kernel/compat_linux.c +++ b/arch/s390/kernel/compat_linux.c @@ -890,11 +890,6 @@ static inline long do_mmap2( down_write(¤t->mm->mmap_sem); error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); - if (!IS_ERR((void *) error) && error + len >= 0x80000000ULL) { - /* Result is out of bounds. */ - do_munmap(current->mm, addr, len); - error = -ENOMEM; - } up_write(¤t->mm->mmap_sem); if (file)
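Review bot: In the do_mmap2() hunk, the removed `error + len >= 0x80000000ULL` test is the only range check on the do_mmap_pgoff() result visible in this context, so the removal is safe only if the TASK_SIZE limit of 1<<31 cited in the commit message really applies to 31-bit tasks in the tree being patched. The upstream message establishes that for mainline. The backport header should state that the RHEL5 s390 tree has the same TASK_SIZE definition, so that do_mmap_pgoff() cannot return a mapping ending at or above 0x80000000 for a compat task. The header should also say why this cleanup belongs to the 12-patch series for BZ556710 / CVE-2010-0291, since the description covers only dead-code removal and a reader auditing the CVE fix cannot tell from it whether a later patch in the series depends on this one. The commit message's remark that the old do_munmap() used the wrong address matches the removed lines: they pass `addr`, the caller's hint, rather than the address returned in `error`.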