DivestOS/Patches/Linux_CVEs/CVE-2017-1000364/3.4/0004.patch

2017-10-29 22:14:37 -04:00
From 631cf8061fa5fccd307e30abc4c778a553fc2006 Mon Sep 17 00:00:00 2001
From: Helge Deller <deller@gmx.de>
Date: Mon, 19 Jun 2017 17:34:05 +0200
Subject: [PATCH] Allow stack to grow up to address space limit

commit bd726c90b6b8ce87602208701b208a208e6d5600 upstream.

Fix expand_upwards() on architectures with an upward-growing stack (parisc,
metag and partly IA-64) to allow the stack to reliably grow exactly up to
the address space limit given by TASK_SIZE.
Change-Id: I5a480cdafc4fc2728b7a5dbe48155eaf8796f46e
Signed-off-by: Helge Deller <deller@gmx.de>
Acked-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
diff --git a/mm/mmap.c b/mm/mmap.c
index b94a982..364a83f 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1778,16 +1778,19 @@
* We must make sure the anon_vma is allocated
* so that the anon_vma locking is not a noop.
*/
- /* Guard against wrapping around to address 0. */
+ /* Guard against exceeding limits of the address space. */
address &= PAGE_MASK;
- address += PAGE_SIZE;
- if (!address)
+ if (address >= TASK_SIZE)
return -ENOMEM;
+ address += PAGE_SIZE;
/* Enforce stack_guard_gap */
gap_addr = address + stack_guard_gap;
- if (gap_addr < address)
- return -ENOMEM;
+
+ /* Guard against overflow */
+ if (gap_addr < address || gap_addr > TASK_SIZE)
+ gap_addr = TASK_SIZE;
+
next = vma->vm_next;
if (next && next->vm_start < gap_addr) {
if (!(next->vm_flags & VM_GROWSUP))
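Review bot: In the gap_addr block, the new comment "Guard against overflow" describes only half of the condition: `gap_addr > TASK_SIZE` is not an overflow, and both cases now clamp with `gap_addr = TASK_SIZE` where the removed lines returned -ENOMEM on wrap. A stack whose new top lies within stack_guard_gap of TASK_SIZE is therefore checked against a shortened gap. That matches the commit message's goal of growing exactly up to TASK_SIZE, but the code does not say so. Suggest rewording the comment to state that the gap is clamped to the address space limit and why that is sufficient for the `next->vm_start < gap_addr` test that follows. Separately, with the `if (!address)` wrap test removed, `address += PAGE_SIZE` depends on the preceding `address >= TASK_SIZE` check to rule out wrapping; a one-line comment noting that ordering dependency would protect against a later reshuffle of these statements.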