From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Tony Luck <tony.luck@intel.com>, dann frazier <dannf@debian.org>
Subject: [76/80] guard page for stacks that grow upwards
Date: Fri, 24 Sep 2010 09:25:04 -0700 [thread overview]
Message-ID: <20100924162621.543515274@clark.site> (raw)
In-Reply-To: <20100924162706.GA7381@kroah.com>
2.6.35-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luck, Tony <tony.luck@intel.com>
commit 8ca3eb08097f6839b2206e2242db4179aee3cfb3 upstream.
pa-risc and ia64 have stacks that grow upwards. Check that
they do not run into other mappings. By making VM_GROWSUP
0x0 on architectures that do not ever use it, we can avoid
some unpleasant #ifdefs in check_stack_guard_page().
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: dann frazier <dannf@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/mm.h | 8 +++++++-
mm/memory.c | 15 +++++++++++----
mm/mmap.c | 3 ---
3 files changed, 18 insertions(+), 8 deletions(-)
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -78,7 +78,11 @@ extern unsigned int kobjsize(const void
#define VM_MAYSHARE 0x00000080
#define VM_GROWSDOWN 0x00000100 /* general info on the segment */
+#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
#define VM_GROWSUP 0x00000200
+#else
+#define VM_GROWSUP 0x00000000
+#endif
#define VM_PFNMAP 0x00000400 /* Page-ranges managed without "struct page", just pure PFN */
#define VM_DENYWRITE 0x00000800 /* ETXTBSY on write attempts.. */
@@ -1329,8 +1333,10 @@ unsigned long ra_submit(struct file_ra_s
/* Do stack extension */
extern int expand_stack(struct vm_area_struct *vma, unsigned long address);
-#ifdef CONFIG_IA64
+#if VM_GROWSUP
extern int expand_upwards(struct vm_area_struct *vma, unsigned long address);
+#else
+ #define expand_upwards(vma, address) do { } while (0)
#endif
extern int expand_stack_downwards(struct vm_area_struct *vma,
unsigned long address);
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2791,11 +2791,9 @@ out_release:
}
/*
- * This is like a special single-page "expand_downwards()",
- * except we must first make sure that 'address-PAGE_SIZE'
+ * This is like a special single-page "expand_{down|up}wards()",
+ * except we must first make sure that 'address{-|+}PAGE_SIZE'
* doesn't hit another vma.
- *
- * The "find_vma()" will do the right thing even if we wrap
*/
static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address)
{
@@ -2814,6 +2812,15 @@ static inline int check_stack_guard_page
expand_stack(vma, address - PAGE_SIZE);
}
+ if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) {
+ struct vm_area_struct *next = vma->vm_next;
+
+ /* As VM_GROWSDOWN but s/below/above/ */
+ if (next && next->vm_start == address + PAGE_SIZE)
+ return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM;
+
+ expand_upwards(vma, address + PAGE_SIZE);
+ }
return 0;
}
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1704,9 +1704,6 @@ static int acct_stack_growth(struct vm_a
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
-#ifndef CONFIG_IA64
-static
-#endif
int expand_upwards(struct vm_area_struct *vma, unsigned long address)
{
int error;
next prev parent reply other threads:[~2010-09-24 16:29 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-24 16:27 [00/80] 2.6.35.6 stable review Greg KH
2010-09-24 16:23 ` [01/80] usb: musb_debugfs: dont use the struct file private_data field with seq_files Greg KH
2010-09-24 16:23 ` [02/80] USB: serial/mos*: prevent reading uninitialized stack memory Greg KH
2010-09-24 16:23 ` [03/80] bridge: Clear INET control block of SKBs passed into ip_fragment() Greg KH
2010-09-24 16:23 ` [04/80] gro: fix different skb headrooms Greg KH
2010-09-24 16:23 ` [05/80] gro: Re-fix " Greg KH
2010-09-24 16:23 ` [06/80] irda: Correctly clean up self->ias_obj on irda_bind() failure Greg KH
2010-09-24 16:23 ` [07/80] rds: fix a leak of kernel memory Greg KH
2010-09-24 16:23 ` [08/80] net: RPS needs to depend upon USE_GENERIC_SMP_HELPERS Greg KH
2010-09-24 16:23 ` [09/80] tcp: Combat per-cpu skew in orphan tests Greg KH
2010-09-24 16:23 ` [10/80] tcp: fix three tcp sysctls tuning Greg KH
2010-09-24 16:23 ` [11/80] tcp: select(writefds) dont hang up when a peer close connection Greg KH
2010-09-24 16:24 ` [12/80] tcp: Prevent overzealous packetization by SWS logic Greg KH
2010-09-24 16:24 ` [13/80] udp: add rehash on connect() Greg KH
2010-09-24 16:24 ` [14/80] UNIX: Do not loop forever at unix_autobind() Greg KH
2010-09-24 16:24 ` [15/80] l2tp: test for ethernet header in l2tp_eth_dev_recv() Greg KH
2010-09-24 16:24 ` [16/80] net: blackhole route should always be recalculated Greg KH
2010-09-24 16:24 ` [17/80] sparc64: Get rid of indirect p1275 PROM call buffer Greg KH
2010-09-24 16:24 ` [18/80] drivers/net/usb/hso.c: prevent reading uninitialized memory Greg KH
2010-09-24 16:24 ` [19/80] drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory Greg KH
2010-09-24 16:24 ` [20/80] drivers/net/eql.c: " Greg KH
2010-09-24 16:24 ` [21/80] bonding: correctly process non-linear skbs Greg KH
2010-09-24 16:24 ` [22/80] Staging: vt6655: fix buffer overflow Greg KH
2010-09-24 16:24 ` [23/80] net/llc: make opt unsigned in llc_ui_setsockopt() Greg KH
2010-09-24 16:24 ` [24/80] mm: fix swapin race condition Greg KH
2010-09-24 16:24 ` [25/80] mm: further " Greg KH
2010-09-24 16:24 ` [26/80] virtio: console: Prevent userspace from submitting NULL buffers Greg KH
2010-09-24 16:24 ` [27/80] virtio: console: Fix poll blocking even though there is data to read Greg KH
2010-09-24 16:24 ` [28/80] intel_agp, drm/i915: Add all sandybridge graphics devices support Greg KH
2010-09-24 16:24 ` [29/80] agp/intel: fix physical address mask bits for sandybridge Greg KH
2010-09-24 16:24 ` [30/80] agp/intel: fix dma mask bits on sandybridge Greg KH
2010-09-24 16:24 ` [31/80] hw breakpoints: Fix pid namespace bug Greg KH
2010-09-24 16:24 ` [32/80] pid: make setpgid() system call use RCU read-side critical section Greg KH
2010-09-24 16:24 ` [33/80] sched: Fix user time incorrectly accounted as system time on 32-bit Greg KH
2010-09-24 16:24 ` [34/80] oprofile: Add Support for Intel CPU Family 6 / Model 22 (Intel Celeron 540) Greg KH
2010-09-24 16:24 ` [35/80] drm/i915,agp/intel: Add second set of PCI-IDs for B43 Greg KH
2010-09-24 16:24 ` [36/80] bdi: Initialize noop_backing_dev_info properly Greg KH
2010-09-24 16:24 ` [37/80] bdi: Fix warnings in __mark_inode_dirty for /dev/zero and friends Greg KH
2010-09-24 16:24 ` [38/80] char: Mark /dev/zero and /dev/kmem as not capable of writeback Greg KH
2010-09-24 16:24 ` [39/80] drivers/pci/intel-iommu.c: fix build with older gccs Greg KH
2010-09-24 16:24 ` [40/80] mmap: call unlink_anon_vmas() in __split_vma() in case of error Greg KH
2010-09-24 16:24 ` [41/80] drivers/video/sis/sis_main.c: prevent reading uninitialized stack memory Greg KH
2010-09-24 16:24 ` [42/80] rtc: s3c: balance state changes of wakeup flag Greg KH
2010-09-24 16:24 ` [43/80] Prevent freeing uninitialized pointer in compat_do_readv_writev Greg KH
2010-09-24 16:24 ` [44/80] /proc/vmcore: fix seeking Greg KH
2010-09-24 16:24 ` [45/80] vmscan: check all_unreclaimable in direct reclaim path Greg KH
2010-09-24 16:24 ` [46/80] percpu: fix pcpu_last_unit_cpu Greg KH
2010-09-24 16:24 ` [47/80] aio: do not return ERESTARTSYS as a result of AIO Greg KH
2010-09-24 16:24 ` [48/80] aio: check for multiplication overflow in do_io_submit Greg KH
2010-09-24 16:24 ` [49/80] x86 platform drivers: hp-wmi Reorder event id processing Greg KH
2010-09-24 16:24 ` [50/80] GFS2: gfs2_logd should be using interruptible waits Greg KH
2010-09-24 16:24 ` [51/80] drm/nv50: initialize ramht_refs list for faked 0 channel Greg KH
2010-09-24 16:24 ` [52/80] inotify: send IN_UNMOUNT events Greg KH
2010-09-24 16:24 ` [53/80] SCSI: mptsas: fix hangs caused by ATA pass-through Greg KH
2010-09-27 17:47 ` John Drescher
2010-09-24 16:24 ` [54/80] KVM: Keep slot ID in memory slot structure Greg KH
2010-09-24 16:24 ` [55/80] KVM: Prevent internal slots from being COWed Greg KH
2010-09-24 16:24 ` [56/80] KVM: MMU: fix direct sps access corrupted Greg KH
2010-09-24 16:24 ` [57/80] KVM: x86: emulator: inc/dec can have lock prefix Greg KH
2010-09-24 16:24 ` [58/80] KVM: MMU: fix mmu notifier invalidate handler for huge spte Greg KH
2010-09-24 16:24 ` [59/80] KVM: VMX: Fix host GDT.LIMIT corruption Greg KH
2010-09-24 16:24 ` [60/80] IA64: fix siglock Greg KH
2010-09-24 16:24 ` [61/80] IA64: Optimize ticket spinlocks in fsys_rt_sigprocmask Greg KH
2010-09-24 16:24 ` [62/80] KEYS: Fix RCU no-lock warning in keyctl_session_to_parent() Greg KH
2010-09-24 16:24 ` [63/80] KEYS: Fix bug in keyctl_session_to_parent() if parent has no session keyring Greg KH
2010-09-24 16:24 ` [64/80] xfs: prevent reading uninitialized stack memory Greg KH
2010-09-24 16:24 ` [65/80] drivers/video/via/ioctl.c: " Greg KH
2010-09-24 16:24 ` [66/80] AT91: change dma resource index Greg KH
2010-09-24 16:24 ` [67/80] PM: Prevent waiting forever on asynchronous resume after failing suspend Greg KH
2010-09-24 16:24 ` [68/80] PM / Hibernate: Avoid hitting OOM during preallocation of memory Greg KH
2010-09-24 16:24 ` [69/80] x86, asm: Use a lower case name for the end macro in atomic64_386_32.S Greg KH
2010-09-24 16:24 ` [70/80] ALSA: hda - Fix beep frequency on IDT 92HD73xx and 92HD71Bxx codecs Greg KH
2010-09-24 16:24 ` [71/80] Fix call to replaced SuperIO functions Greg KH
2010-09-24 16:25 ` [72/80] dell-wmi: Add support for eject key on Dell Studio 1555 Greg KH
2010-09-24 16:25 ` [73/80] mm: page allocator: drain per-cpu lists after direct reclaim allocation fails Greg KH
2010-09-24 16:25 ` [74/80] mm: page allocator: calculate a better estimate of NR_FREE_PAGES when memory is low and kswapd is awake Greg KH
2010-09-24 16:25 ` [75/80] mm: page allocator: update free page counters after pages are placed on the free list Greg KH
2010-09-24 16:25 ` Greg KH [this message]
2010-09-24 16:25 ` [77/80] Fix unprotected access to task credentials in waitid() Greg KH
2010-09-24 16:25 ` [78/80] sctp: Do not reset the packet during sctp_packet_config() Greg KH
2010-09-24 16:25 ` [79/80] drm/i915: Ensure that the crtcinfo is populated during mode_fixup() Greg KH
2010-09-24 16:25 ` [80/80] alpha: Fix printk format errors Greg KH
2010-09-24 20:49 ` [00/80] 2.6.35.6 stable review Gene Heskett
2010-09-25 15:02 ` Greg KH
2010-09-25 15:16 ` Gene Heskett
2010-09-25 23:52 ` Gene Heskett
2010-09-25 16:49 ` Piotr Hosowicz
2010-09-25 17:24 ` Greg KH
2010-09-25 17:30 ` Piotr Hosowicz
2010-09-25 17:42 ` Greg KH
2010-09-25 17:52 ` Piotr Hosowicz
2010-09-26 11:32 ` Greg KH
2010-09-26 13:02 ` Piotr Hosowicz
2010-09-26 13:10 ` Sven Joachim
2010-09-26 13:15 ` Piotr Hosowicz
2010-09-25 17:34 ` Piotr Hosowicz
2010-09-25 17:41 ` Greg KH
2010-09-25 17:47 ` Piotr Hosowicz
2010-09-25 17:49 ` Piotr Hosowicz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100924162621.543515274@clark.site \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dannf@debian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=tony.luck@intel.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).