From 557515a6c27bd2a9a0ba4dcfdf74c9ced21fc560 Mon Sep 17 00:00:00 2001
From: Dave Jones <davej@redhat.com>
Date: Thu, 12 Dec 2013 17:30:58 -0500
Subject: [PATCH] clean up the remap_file_pages sanitize routine

---
 syscalls/remap_file_pages.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/syscalls/remap_file_pages.c b/syscalls/remap_file_pages.c
index 5d13802..4259174 100644
--- a/syscalls/remap_file_pages.c
+++ b/syscalls/remap_file_pages.c
@@ -12,21 +12,20 @@
 
 static void sanitise_remap_file_pages(int childno)
 {
-	(void) common_set_mmap_ptr_len(childno);
+	struct map *map;
+	size_t size;
 
-	shm->a3[childno] = 0;
+	map = common_set_mmap_ptr_len(childno);
+
+	/* We just want to remap a part of the mapping. */
+	size = rand() % map->size;
+	shm->a2[childno] = size;
 
-retry_pgoff:
-	if (shm->a4[childno] + (shm->a2[childno] >> PAGE_SHIFT) < shm->a4[childno]) {
-		shm->a4[childno] = rand() & (shm->a2[childno] / page_size);
-		goto retry_pgoff;
-	}
+	/* "The prot argument must be specified as 0" */
+	shm->a3[childno] = 0;
 
-retry_pgoff_bits:
-	if (shm->a4[childno] + (shm->a2[childno] >> PAGE_SHIFT) >= (1UL << PTE_FILE_MAX_BITS)) {
-		shm->a4[childno] = (shm->a4[childno] >> 1);
-		goto retry_pgoff_bits;
-	}
+	/* Pick a random pgoff. */
+	shm->a4[childno] = rand() & (size / page_size);
 }
 
 struct syscall syscall_remap_file_pages = {
-- 
2.11.4.GIT