diff options
author | Mark Weiman | 2017-06-22 23:51:45 -0400 |
---|---|---|
committer | Mark Weiman | 2017-06-22 23:51:45 -0400 |
commit | aeed66594fa9ab128de689d1159915526b5911c2 (patch) | |
tree | 17d98d4aa9a07bd91f048c432b308305985229a9 /CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch | |
parent | bf2f23abe07021b128cb3b25032c13725df1f68d (diff) | |
download | aur-aeed66594fa9ab128de689d1159915526b5911c2.tar.gz |
Update to 4.11.6-1
Diffstat (limited to 'CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch')
-rw-r--r-- | CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch b/CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch new file mode 100644 index 000000000000..58ec52fa3098 --- /dev/null +++ b/CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch @@ -0,0 +1,45 @@ +From bd726c90b6b8ce87602208701b208a208e6d5600 Mon Sep 17 00:00:00 2001 +From: Helge Deller <deller@gmx.de> +Date: Mon, 19 Jun 2017 17:34:05 +0200 +Subject: [PATCH] Allow stack to grow up to address space limit + +Fix expand_upwards() on architectures with an upward-growing stack (parisc, +metag and partly IA-64) to allow the stack to reliably grow exactly up to +the address space limit given by TASK_SIZE. + +Signed-off-by: Helge Deller <deller@gmx.de> +Acked-by: Hugh Dickins <hughd@google.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +--- + mm/mmap.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/mm/mmap.c b/mm/mmap.c +index 290b77d9a01e0..a5e3dcd75e79f 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -2230,16 +2230,19 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) + if (!(vma->vm_flags & VM_GROWSUP)) + return -EFAULT; + +- /* Guard against wrapping around to address 0. */ ++ /* Guard against exceeding limits of the address space. */ + address &= PAGE_MASK; +- address += PAGE_SIZE; +- if (!address) ++ if (address >= TASK_SIZE) + return -ENOMEM; ++ address += PAGE_SIZE; + + /* Enforce stack_guard_gap */ + gap_addr = address + stack_guard_gap; +- if (gap_addr < address) +- return -ENOMEM; ++ ++ /* Guard against overflow */ ++ if (gap_addr < address || gap_addr > TASK_SIZE) ++ gap_addr = TASK_SIZE; ++ + next = vma->vm_next; + if (next && next->vm_start < gap_addr) { + if (!(next->vm_flags & VM_GROWSUP)) |