Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8869477a authored by Eric Paris's avatar Eric Paris Committed by James Morris
Browse files

security: protect from stack expantion into low vm addresses 



Add security checks to make sure we are not attempting to expand the
stack into memory protected by mmap_min_addr

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent ab5a91a8

mm/mmap.c

+6 −2
Original line number Diff line number Diff line
@@ -1615,6 +1615,12 @@ static inline int expand_downwards(struct vm_area_struct *vma, 
	 */

	if (unlikely(anon_vma_prepare(vma)))

		return -ENOMEM;



	address &= PAGE_MASK;

	error = security_file_mmap(0, 0, 0, 0, address, 1);

	if (error)

		return error;



	anon_vma_lock(vma);



	/*
@@ -1622,8 +1628,6 @@ static inline int expand_downwards(struct vm_area_struct *vma, 
	 * is required to hold the mmap_sem in read mode.  We need the

	 * anon_vma lock to serialize against concurrent expand_stacks.

	 */

	address &= PAGE_MASK;

	error = 0;



	/* Somebody else might have raced and expanded it already */

	if (address < vma->vm_start) {