mm: fix prctl_set_vma_anon_nameandroid-6.0.1_r0.76

prctl_set_vma_anon_name could attempt to set the name across two vmas at the same time due to a typo, which might corrupt the vma list. Fix it to use tmp instead of end to limit the name setting to a single vma at a time. Reported-by: Jed Davis <jld@mozilla.com> Signed-off-by: Colin Cross <ccross@android.com> (cherry picked from commit 091ff4dc3b3234e7f5e928843a44e54bf6961185) Change-Id: I626f7b7b84885220a51daa76b8c40575dfa6fce0
author: Colin Cross <ccross@android.com> 2014-08-05 12:05:17 -0700
committer: Robb Glasser <rglasser@google.com> 2016-03-25 15:31:47 -0700
commit: c03cbb2219e2da30404db3c599647c7687d7c7e9 (patch)
tree: cb9428fd3a0a67a1797f562d3d9bbb69679a9bea
parent: 152777b5e09a3310a0668d5eddc0365bbb52b005 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index 407abeef9f6e..0b08c9f000f3 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2187,7 +2187,7 @@ static int prctl_set_vma_anon_name(unsigned long start, unsigned long end,
 			tmp = end;
 
 		/* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */
-		error = prctl_update_vma_anon_name(vma, &prev, start, end,
+		error = prctl_update_vma_anon_name(vma, &prev, start, tmp,
 				(const char __user *)arg);
 		if (error)
 			return error;
author	Colin Cross <ccross@android.com>	2014-08-05 12:05:17 -0700
committer	Robb Glasser <rglasser@google.com>	2016-03-25 15:31:47 -0700
commit	c03cbb2219e2da30404db3c599647c7687d7c7e9 (patch)
tree	cb9428fd3a0a67a1797f562d3d9bbb69679a9bea
parent	152777b5e09a3310a0668d5eddc0365bbb52b005 (diff)