releases/2.6.12.4/x86_64-32bit-memleak.patch

From stable-bounces@linux.kernel.org  Fri Jul 15 19:18:31 2005
Date: Fri, 15 Jul 2005 19:17:44 -0700
From: "Siddha, Suresh B" <suresh.b.siddha@intel.com>
To: "Justin M. Forbes" <jmforbes@linuxtx.org>
Cc: torvalds@osdl.org, akpm@osdl.org, "Theodore Ts'o" <tytso@mit.edu>,
        "Siddha,
	Suresh B" <suresh.b.siddha@intel.com>,
        Greg KH <gregkh@suse.de>, linux-kernel@vger.kernel.org,
        Andi Kleen <ak@suse.de>, "Randy.Dunlap" <rdunlap@xenotime.net>,
        Chuck Wolber <chuckw@quantumlinux.com>, stable@kernel.org,
        alan@lxorguk.ukuu.org.uk, Zwane Mwaikambo <zwane@arm.linux.org.uk>
Subject:  [PATCH] x86_64 memleak from malicious 32bit elf program

malicious 32bit app can have an elf section at 0xffffe000.  During
exec of this app, we will have a memory leak as insert_vm_struct() is
not checking for return value in syscall32_setup_pages() and thus not
freeing the vma allocated for the vsyscall page.

Check the return value and free the vma incase of failure.

Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 arch/x86_64/ia32/syscall32.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletion(-)

--- linux-2.6.12.3.orig/arch/x86_64/ia32/syscall32.c	2005-07-28 11:17:01.000000000 -0700
+++ linux-2.6.12.3/arch/x86_64/ia32/syscall32.c	2005-07-28 11:17:11.000000000 -0700
@@ -57,6 +57,7 @@
 	int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
 	struct vm_area_struct *vma;
 	struct mm_struct *mm = current->mm;
+	int ret;
 
 	vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
 	if (!vma)
@@ -78,7 +79,11 @@
 	vma->vm_mm = mm;
 
 	down_write(&mm->mmap_sem);
-	insert_vm_struct(mm, vma);
+	if ((ret = insert_vm_struct(mm, vma))) {
+		up_write(&mm->mmap_sem);
+		kmem_cache_free(vm_area_cachep, vma);
+		return ret;
+	}
 	mm->total_vm += npages;
 	up_write(&mm->mmap_sem);
 	return 0;