diff options
| author | Otavio Salvador <otavio@ossystems.com.br> | 2017-12-13 18:16:19 -0200 |
|---|---|---|
| committer | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-12-21 15:01:33 +0100 |
| commit | fb2d2dee504a963efdcb76517b5cdf25444cf535 (patch) | |
| tree | f1b58594ba11c6c41c3acddde35890f68c42ea9e /fs/exec.c | |
| parent | effee16e4c0cc8b570d372e33633e9f9bc8359c7 (diff) | |
| parent | d9f7e5584f0e3e34a2c14825657a6b31e7184171 (diff) | |
Merge pull request #21 from falstaff84/4.9-1.0.x-imx-fixes-stable-merge
4.9-1.0.x-imx stable 4.9.67 merge
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/fs/exec.c b/fs/exec.c index 67e86571685a..b8c43be24751 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -215,7 +215,24 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (write) { unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start; - struct rlimit *rlim; + unsigned long ptr_size, limit; + + /* + * Since the stack will hold pointers to the strings, we + * must account for them as well. + * + * The size calculation is the entire vma while each arg page is + * built, so each time we get here it's calculating how far it + * is currently (rather than each call being just the newly + * added size from the arg page). As a result, we need to + * always add the entire size of the pointers, so that on the + * last call to get_arg_page() we'll actually have the entire + * correct size. + */ + ptr_size = (bprm->argc + bprm->envc) * sizeof(void *); + if (ptr_size > ULONG_MAX - size) + goto fail; + size += ptr_size; acct_arg_size(bprm, size / PAGE_SIZE); @@ -227,20 +244,24 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, return page; /* - * Limit to 1/4-th the stack size for the argv+env strings. + * Limit to 1/4 of the max stack size or 3/4 of _STK_LIM + * (whichever is smaller) for the argv+env strings. * This ensures that: * - the remaining binfmt code will not run out of stack space, * - the program will have a reasonable amount of stack left * to work from. */ - rlim = current->signal->rlim; - if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) { - put_page(page); - return NULL; - } + limit = _STK_LIM / 4 * 3; + limit = min(limit, rlimit(RLIMIT_STACK) / 4); + if (size > limit) + goto fail; } return page; + +fail: + put_page(page); + return NULL; } static void put_arg_page(struct page *page) |