Merge "mm: ashmem: Make sure vma is valid while flushing" into msm-3.0

commit: 6175478845642140b204e965cc9788f418330945 [log] [tgz]
author: Linux Build Service Account <lnxbuild@localhost> Sat Jan 21 11:43:04 2012 -0800
committer: QuIC Gerrit Code Review <code-review@localhost> Sat Jan 21 11:43:04 2012 -0800
tree: 63e907938f77bd2eea2c5688ebf0f1a5fe2061f1
parent: c1015b37ae4ecab4aa031554565718b95b8c2354 [diff]
parent: cf089c4da08614410c789fb61af3b712c3bd1850 [diff]
diff --git a/mm/ashmem.c b/mm/ashmem.c
index bc977ee..e4aab56 100644
--- a/mm/ashmem.c
+++ b/mm/ashmem.c

@@ -673,10 +673,28 @@
 	void (*cache_func)(unsigned long vstart, unsigned long length,
 				unsigned long pstart))
 {
+	int ret = 0;
+	struct vm_area_struct *vma;
 #ifdef CONFIG_OUTER_CACHE
 	unsigned long vaddr;
 #endif
-	mutex_lock(&ashmem_mutex);
+	if (!asma->vm_start)
+		return -EINVAL;
+
+	down_read(&current->mm->mmap_sem);
+	vma = find_vma(current->mm, asma->vm_start);
+	if (!vma) {
+		ret = -EINVAL;
+		goto done;
+	}
+	if (vma->vm_file != asma->file) {
+		ret = -EINVAL;
+		goto done;
+	}
+	if ((asma->vm_start + asma->size) > (vma->vm_start + vma->vm_end)) {
+		ret = -EINVAL;
+		goto done;
+	}
 #ifndef CONFIG_OUTER_CACHE
 	cache_func(asma->vm_start, asma->size, 0);
 #else
@@ -689,8 +707,11 @@
 		cache_func(vaddr, PAGE_SIZE, physaddr);
 	}
 #endif
-	mutex_unlock(&ashmem_mutex);
-	return 0;
+done:
+	up_read(&current->mm->mmap_sem);
+	if (ret)
+		asma->vm_start = 0;
+	return ret;
 }
 
 static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
commit	6175478845642140b204e965cc9788f418330945	[log] [tgz]
author	Linux Build Service Account <lnxbuild@localhost>	Sat Jan 21 11:43:04 2012 -0800
committer	QuIC Gerrit Code Review <code-review@localhost>	Sat Jan 21 11:43:04 2012 -0800
tree	63e907938f77bd2eea2c5688ebf0f1a5fe2061f1
parent	c1015b37ae4ecab4aa031554565718b95b8c2354 [diff]
parent	cf089c4da08614410c789fb61af3b712c3bd1850 [diff]