Commit 8869477a49c3e99def1fcdadd6bbc407fea14b45
Committed by
James Morris
1 parent
ab5a91a836
Exists in
master
and in
4 other branches
security: protect from stack expantion into low vm addresses
Add security checks to make sure we are not attempting to expand the stack into memory protected by mmap_min_addr Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 1 changed file with 6 additions and 2 deletions Side-by-side Diff
mm/mmap.c
... | ... | @@ -1615,6 +1615,12 @@ |
1615 | 1615 | */ |
1616 | 1616 | if (unlikely(anon_vma_prepare(vma))) |
1617 | 1617 | return -ENOMEM; |
1618 | + | |
1619 | + address &= PAGE_MASK; | |
1620 | + error = security_file_mmap(0, 0, 0, 0, address, 1); | |
1621 | + if (error) | |
1622 | + return error; | |
1623 | + | |
1618 | 1624 | anon_vma_lock(vma); |
1619 | 1625 | |
1620 | 1626 | /* |
... | ... | @@ -1622,8 +1628,6 @@ |
1622 | 1628 | * is required to hold the mmap_sem in read mode. We need the |
1623 | 1629 | * anon_vma lock to serialize against concurrent expand_stacks. |
1624 | 1630 | */ |
1625 | - address &= PAGE_MASK; | |
1626 | - error = 0; | |
1627 | 1631 | |
1628 | 1632 | /* Somebody else might have raced and expanded it already */ |
1629 | 1633 | if (address < vma->vm_start) { |