diff options
author | Kirill Korotaev <dev@sw.ru> | 2006-08-16 12:58:10 +0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-08-23 14:13:32 -0700 |
commit | 8833ebaa3f4325820fe3338ccf6fae04f6669254 (patch) | |
tree | cc65b223fbad701405a770636635e3ff30932d6c /mm | |
parent | 0872a284963a642ba748cbd75842138dd9a3bd00 (diff) |
IA64: local DoS with corrupted ELFs
This patch prevents cross-region mappings
on IA64 and SPARC which could lead to system crash.
davem@ confirmed: "This looks fine to me." :)
Signed-Off-By: Pavel Emelianov <xemul@openvz.org>
Signed-Off-By: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'mm')
-rw-r--r-- | mm/mmap.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/mm/mmap.c b/mm/mmap.c index e6ee12344b13..d6e9641f0635 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -913,6 +913,10 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, if (!len) return -EINVAL; + error = arch_mmap_check(addr, len, flags); + if (error) + return error; + /* Careful about overflows.. */ len = PAGE_ALIGN(len); if (!len || len > TASK_SIZE) @@ -1852,6 +1856,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) unsigned long flags; struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; + int error; len = PAGE_ALIGN(len); if (!len) @@ -1860,6 +1865,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) if ((addr + len) > TASK_SIZE || (addr + len) < addr) return -EINVAL; + flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; + + error = arch_mmap_check(addr, len, flags); + if (error) + return error; + /* * mlock MCL_FUTURE? */ @@ -1900,8 +1911,6 @@ unsigned long do_brk(unsigned long addr, unsigned long len) if (security_vm_enough_memory(len >> PAGE_SHIFT)) return -ENOMEM; - flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; - /* Can we just expand an old private anonymous mapping? */ if (vma_merge(mm, prev, addr, addr + len, flags, NULL, NULL, pgoff, NULL)) |