From 8869477a49c3e99def1fcdadd6bbc407fea14b45 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Mon, 26 Nov 2007 18:47:26 -0500 Subject: security: protect from stack expantion into low vm addresses Add security checks to make sure we are not attempting to expand the stack into memory protected by mmap_min_addr Signed-off-by: Eric Paris Signed-off-by: James Morris --- mm/mmap.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'mm/mmap.c') diff --git a/mm/mmap.c b/mm/mmap.c index facc1a75bd4f..938313c76d02 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1615,6 +1615,12 @@ static inline int expand_downwards(struct vm_area_struct *vma, */ if (unlikely(anon_vma_prepare(vma))) return -ENOMEM; + + address &= PAGE_MASK; + error = security_file_mmap(0, 0, 0, 0, address, 1); + if (error) + return error; + anon_vma_lock(vma); /* @@ -1622,8 +1628,6 @@ static inline int expand_downwards(struct vm_area_struct *vma, * is required to hold the mmap_sem in read mode. We need the * anon_vma lock to serialize against concurrent expand_stacks. */ - address &= PAGE_MASK; - error = 0; /* Somebody else might have raced and expanded it already */ if (address < vma->vm_start) { -- cgit v1.2.3