author | Rich Felker <dalias@libc.org> | 2015-08-20 15:11:06 -0400 |
---|---|---|
committer | Greg Ungerer <gerg@uclinux.org> | 2015-10-26 09:02:32 +1000 |
commit | 4ac313111018cb44ecc250445de5ccb93026a980 (patch) | |
tree | 6502ee373ecfe22c40afaf79d19122788796a562 /fs/binfmt_elf_fdpic.c | |
parent | 32b88194f71d6ae7768a29f87fbba454728273ee (diff) | |
fs/binfmt_elf_fdpic.c: fix brk area overlap with stack on NOMMU
On NOMMU archs, the FDPIC ELF loader sets up the usable brk range to
overlap with all but the last PAGE_SIZE bytes of the stack. This leads
to catastrophic memory reuse/corruption if brk is used. Fix by setting
the brk area to zero size to disable its use.
Signed-off-by: Rich Felker <dalias@libc.org>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Diffstat (limited to 'fs/binfmt_elf_fdpic.c')
-rw-r--r-- | fs/binfmt_elf_fdpic.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index d3634bfb7fe1..d2b079afed0e 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -374,10 +374,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
 PAGE_ALIGN(current->mm->start_brk);
 #else
- /* create a stack and brk area big enough for everyone
- * - the brk heap starts at the bottom and works up
- * - the stack starts at the top and works down
- */
+ /* create a stack area and zero-size brk area */
 stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
 if (stack_size < PAGE_SIZE * 2)
 stack_size = PAGE_SIZE * 2;
@@ -400,8 +397,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
 current->mm->brk = current->mm->start_brk;
 current->mm->context.end_brk = current->mm->start_brk;
- current->mm->context.end_brk +=
- (stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0;
 current->mm->start_stack = current->mm->start_brk + stack_size;
 #endif
|
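Review bot: The replacement comment in the first hunk records what the block sets up but not why the brk area is zero-size, and that reason is what stops a later cleanup from re-enabling brk here. Going by the visible lines, `start_stack` is `start_brk + stack_size`, so any non-empty range beginning at `start_brk` lies inside the stack region; I would word the comment as `/* create a stack area; brk stays zero-size because it would otherwise occupy the same region as the stack */`. In the second hunk the surviving `current->mm->context.end_brk = current->mm->start_brk;` is now the only thing enforcing that, so a short `/* end_brk == start_brk: no brk growth allowed on NOMMU */` on that line would help. The code that bounds brk requests by `context.end_brk` is not visible in this diff, so it is worth confirming it rejects growth when the two are equal; `load_elf_fdpic_binary` starts and ends outside both hunks.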