Date: Sun, 2 Jul 2017 21:24:52 +0200
From: Helge Deller
To: Hugh Dickins, linux-kernel@vger.kernel.org
Cc: Jörn Engel, linux-parisc@vger.kernel.org
Subject: [PATCH v2] mm: Fix overflow check in expand_upwards()
Message-ID: <20170702192452.GA11868@p100.box>

Jörn Engel noticed that the expand_upwards() function might not return -ENOMEM in case the requested address is (unsigned long)-PAGE_SIZE and if the architecture didn't define TASK_SIZE as a multiple of PAGE_SIZE.

Affected architectures are arm, frv, m68k, blackfin, h8300 and xtensa which all define TASK_SIZE as 0xffffffff, but since none of those have an upwards-growing stack we currently have no actual issue.

Nevertheless, let's fix this just in case any of the architectures with an upward-growing stack (currently parisc, metag and partly ia64) define TASK_SIZE similarly.

Reported-by: Jörn Engel
Fixes: bd726c90b6b8 ("Allow stack to grow up to address space limit")
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller

diff --git a/mm/mmap.c b/mm/mmap.c index a5e3dcd..cc2fc8a 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2232,7 +2232,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) /* Guard against exceeding limits of the address space. */ address &= PAGE_MASK; - if (address >= TASK_SIZE) + if (address >= (TASK_SIZE & PAGE_MASK)) return -ENOMEM; address += PAGE_SIZE;
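
Review bot: The comment above the changed comparison in expand_upwards() ("Guard against exceeding limits of the address space.") does not say why TASK_SIZE is masked, so a later cleanup could drop `& PAGE_MASK` as redundant. Suggest extending the comment to state that TASK_SIZE is not guaranteed to be page-aligned (0xffffffff on the architectures the commit message lists) and that the page-aligned `address` must be rejected when it equals the last page, because the following `address += PAGE_SIZE;` would otherwise wrap around to 0. With a page-aligned TASK_SIZE the mask is a no-op and the check behaves as before, which is also worth a word in the changelog since the patch is Cc'd to stable.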