| From: Helge Deller <deller@gmx.de> |
| Date: Fri, 14 Jul 2017 14:49:38 -0700 |
| Subject: mm: fix overflow check in expand_upwards() |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| commit 37511fb5c91db93d8bd6e3f52f86e5a7ff7cfcdf upstream. |
| |
| Jörn Engel noticed that the expand_upwards() function might not return |
| -ENOMEM in case the requested address is (unsigned long)-PAGE_SIZE and |
| if the architecture didn't defined TASK_SIZE as multiple of PAGE_SIZE. |
| |
| Affected architectures are arm, frv, m68k, blackfin, h8300 and xtensa |
| which all define TASK_SIZE as 0xffffffff, but since none of those have |
| an upwards-growing stack we currently have no actual issue. |
| |
| Nevertheless let's fix this just in case any of the architectures with |
| an upward-growing stack (currently parisc, metag and partly ia64) define |
| TASK_SIZE similar. |
| |
| Link: http://lkml.kernel.org/r/20170702192452.GA11868@p100.box |
| Fixes: bd726c90b6b8 ("Allow stack to grow up to address space limit") |
| Signed-off-by: Helge Deller <deller@gmx.de> |
| Reported-by: Jörn Engel <joern@purestorage.com> |
| Cc: Hugh Dickins <hughd@google.com> |
| Cc: Oleg Nesterov <oleg@redhat.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| mm/mmap.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/mm/mmap.c |
| +++ b/mm/mmap.c |
| @@ -1717,7 +1717,7 @@ int expand_upwards(struct vm_area_struct |
| |
| /* Guard against exceeding limits of the address space. */ |
| address &= PAGE_MASK; |
| - if (address >= TASK_SIZE) |
| + if (address >= (TASK_SIZE & PAGE_MASK)) |
| return -ENOMEM; |
| address += PAGE_SIZE; |
| |
