From: Helge Deller <deller@gmx.de>
To: Hugh Dickins <hughd@google.com>, linux-kernel@vger.kernel.org
Cc: "Jörn Engel" <joern@purestorage.com>, linux-parisc@vger.kernel.org
Subject: [PATCH v2] mm: Fix overflow check in expand_upwards()
Date: Sun, 2 Jul 2017 21:24:52 +0200
Message-ID: <20170702192452.GA11868@p100.box>

Jörn Engel noticed that the expand_upwards() function might not return -ENOMEM
in case the requested address is (unsigned long)-PAGE_SIZE and if the
architecture didn't define TASK_SIZE as a multiple of PAGE_SIZE.

Affected architectures are arm, frv, m68k, blackfin, h8300 and xtensa which all
define TASK_SIZE as 0xffffffff, but since none of those have an upwards-growing
stack we currently have no actual issue.

Nevertheless, let's fix this just in case any of the architectures with an
upward-growing stack (currently parisc, metag and partly ia64) define TASK_SIZE
similarly.

Reported-by: Jörn Engel <joern@purestorage.com>
Fixes: bd726c90b6b8 ("Allow stack to grow up to address space limit")
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller <deller@gmx.de>

diff --git a/mm/mmap.c b/mm/mmap.c
index a5e3dcd..cc2fc8a 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2232,7 +2232,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
 
 	/* Guard against exceeding limits of the address space. */
 	address &= PAGE_MASK;
-	if (address >= TASK_SIZE)
+	if (address >= (TASK_SIZE & PAGE_MASK))
 		return -ENOMEM;
 	address += PAGE_SIZE;
 
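Review bot: The comment above the changed check, "Guard against exceeding limits of the address space", does not say why TASK_SIZE is masked, so the reason for `(TASK_SIZE & PAGE_MASK)` is not visible at the site. Since `address` has already been rounded down with `address &= PAGE_MASK`, an address in the top page compares below an unaligned TASK_SIZE and the following `address += PAGE_SIZE` can then wrap to 0. Suggest extending the comment to state that TASK_SIZE is rounded down so the last page is rejected before the increment, and that the check is unchanged when TASK_SIZE is already page-aligned.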
