Commit 691162d6 authored by Siddha, Suresh B's avatar Siddha, Suresh B Committed by Chris Wright

[PATCH] x86_64 memleak from malicious 32bit elf program

malicious 32bit app can have an elf section at 0xffffe000.  During
exec of this app, we will have a memory leak as insert_vm_struct() is
not checking for return value in syscall32_setup_pages() and thus not
freeing the vma allocated for the vsyscall page.

Check the return value and free the vma incase of failure.
Signed-off-by: default avatarSuresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: default avatarChris Wright <chrisw@osdl.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent e0b02eec
......@@ -57,6 +57,7 @@ int syscall32_setup_pages(struct linux_binprm *bprm, int exstack)
int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
int ret;
vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
if (!vma)
......@@ -78,7 +79,11 @@ int syscall32_setup_pages(struct linux_binprm *bprm, int exstack)
vma->vm_mm = mm;
down_write(&mm->mmap_sem);
insert_vm_struct(mm, vma);
if ((ret = insert_vm_struct(mm, vma))) {
up_write(&mm->mmap_sem);
kmem_cache_free(vm_area_cachep, vma);
return ret;
}
mm->total_vm += npages;
up_write(&mm->mmap_sem);
return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment