diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-27 08:36:04 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-10-22 09:02:25 +0100 |
commit | 47bed364d1eed775c358204b9eb7affb0ce64033 (patch) | |
tree | dd53f5d49316e0b2e5541ecaecd59c2367307cab /mm/mmzone.c | |
parent | 9a63af54974c73f5723bf9a5c03d195f4d473c20 (diff) |
mm: do not grow the stack vma just because of an overrun on preceding vma
commit 09884964335e85e897876d17783c2ad33cf8a2e0 upstream.
The stack vma is designed to grow automatically (marked with VM_GROWSUP
or VM_GROWSDOWN depending on architecture) when an access is made beyond
the existing boundary. However, particularly if you have not limited
your stack at all ("ulimit -s unlimited"), this can cause the stack to
grow even if the access was really just one past *another* segment.
And that's wrong, especially since we first grow the segment, but then
immediately later enforce the stack guard page on the last page of the
segment. So _despite_ first growing the stack segment as a result of
the access, the kernel will then make the access cause a SIGSEGV anyway!
So do the same logic as the guard page check does, and consider an
access to within one page of the next segment to be a bad access, rather
than growing the stack to abut the next segment.
Reported-and-tested-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Xishi Qiu <qiuxishi@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'mm/mmzone.c')
0 files changed, 0 insertions, 0 deletions