Commit 4ac31311 authored by Rich Felker, committed by Greg Ungerer

fs/binfmt_elf_fdpic.c: fix brk area overlap with stack on NOMMU

On NOMMU archs, the FDPIC ELF loader sets up the usable brk range to
overlap with all but the last PAGE_SIZE bytes of the stack. This leads
to catastrophic memory reuse/corruption if brk is used. Fix by setting
the brk area to zero size to disable its use.
Signed-off-by: Rich Felker <dalias@libc.org>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
parent 32b88194
...@@ -374,10 +374,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm) ...@@ -374,10 +374,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
PAGE_ALIGN(current->mm->start_brk); PAGE_ALIGN(current->mm->start_brk);
#else #else
/* create a stack and brk area big enough for everyone /* create a stack area and zero-size brk area */
* - the brk heap starts at the bottom and works up
* - the stack starts at the top and works down
*/
stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK; stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
if (stack_size < PAGE_SIZE * 2) if (stack_size < PAGE_SIZE * 2)
stack_size = PAGE_SIZE * 2; stack_size = PAGE_SIZE * 2;
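Review bot: the new comment "create a stack area and zero-size brk area" drops the explanation of why the brk area is empty, and the retained `if (stack_size < PAGE_SIZE * 2) stack_size = PAGE_SIZE * 2;` floor now has no stated rationale since it no longer needs to leave a page for the heap. Suggest expanding the comment to record that the brk range is deliberately empty on NOMMU because it would otherwise overlap the stack region, so that a later reader does not reintroduce the overlapping layout, and either documenting why the two-page minimum is kept or removing it if it only existed to guarantee brk space.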
...@@ -400,8 +397,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm) ...@@ -400,8 +397,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
current->mm->brk = current->mm->start_brk; current->mm->brk = current->mm->start_brk;
current->mm->context.end_brk = current->mm->start_brk; current->mm->context.end_brk = current->mm->start_brk;
current->mm->context.end_brk +=
(stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0;
current->mm->start_stack = current->mm->start_brk + stack_size; current->mm->start_stack = current->mm->start_brk + stack_size;
#endif #endif
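Review bot: after this hunk `brk`, `start_brk` and `context.end_brk` are all equal, so any request to grow the heap will fail with no usable range; that is the intended fix, but it is not stated at the point where `end_brk` is set, and `start_stack = current->mm->start_brk + stack_size` still uses `start_brk` as the base of the stack allocation, which now reads as if the stack were carved out of a brk area that no longer exists. Suggest a one-line comment next to `current->mm->context.end_brk = current->mm->start_brk;` noting that the zero-size range disables brk on NOMMU and that userspace allocators must use mmap, and consider naming the stack base explicitly rather than deriving it from `start_brk`.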
......