Commit e69a11be authored by Chris Wright's avatar Chris Wright Committed by Linus Torvalds

[PATCH] setup_arg_pages can insert overlapping vma

Florian Heinz built an a.out binary that could map bss from 0x0 to
0xc0000000, and setup_arg_pages() would be unhappt in insert_vma_struct
because the arg pages overlapped.  This just checks before inserting,
and bails out if it would overlap.
Signed-off-by: default avatarChris Wright <chrisw@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 7df2c1ef
...@@ -413,6 +413,7 @@ int setup_arg_pages(struct linux_binprm *bprm, int executable_stack) ...@@ -413,6 +413,7 @@ int setup_arg_pages(struct linux_binprm *bprm, int executable_stack)
down_write(&mm->mmap_sem); down_write(&mm->mmap_sem);
{ {
struct vm_area_struct *vma;
mpnt->vm_mm = mm; mpnt->vm_mm = mm;
#ifdef CONFIG_STACK_GROWSUP #ifdef CONFIG_STACK_GROWSUP
mpnt->vm_start = stack_base; mpnt->vm_start = stack_base;
...@@ -433,6 +434,12 @@ int setup_arg_pages(struct linux_binprm *bprm, int executable_stack) ...@@ -433,6 +434,12 @@ int setup_arg_pages(struct linux_binprm *bprm, int executable_stack)
mpnt->vm_flags = VM_STACK_FLAGS; mpnt->vm_flags = VM_STACK_FLAGS;
mpnt->vm_flags |= mm->def_flags; mpnt->vm_flags |= mm->def_flags;
mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7];
vma = find_vma(mm, mpnt->vm_start);
if (vma) {
up_write(&mm->mmap_sem);
kmem_cache_free(vm_area_cachep, mpnt);
return -ENOMEM;
}
insert_vm_struct(mm, mpnt); insert_vm_struct(mm, mpnt);
mm->stack_vm = mm->total_vm = vma_pages(mpnt); mm->stack_vm = mm->total_vm = vma_pages(mpnt);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment