err.no Git - linux-2.6/commit

author	Suresh Siddha <suresh.b.siddha@intel.com>
	Wed, 22 Jun 2005 00:14:32 +0000 (17:14 -0700)
committer	Linus Torvalds <torvalds@ppc970.osdl.org>
	Wed, 22 Jun 2005 01:46:12 +0000 (18:46 -0700)
commit	84929801e14d968caeb84795bfbb88f04283fbd9
tree	248fa9fd6cfb411a6df3b7f7fb42aa4f9ceca2bf	tree \| snapshot
parent	589777eab7360894b7ca1c4ba9d252e03b51225b	commit \| diff

[PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes

Appended patch will setup compatibility mode TASK_SIZE properly.  This will
fix atleast three known bugs that can be encountered while running
compatibility mode apps.

a) A malicious 32bit app can have an elf section at 0xffffe000.  During
   exec of this app, we will have a memory leak as insert_vm_struct() is
   not checking for return value in syscall32_setup_pages() and thus not
   freeing the vma allocated for the vsyscall page.  And instead of exec
   failing (as it has addresses > TASK_SIZE), we were allowing it to
   succeed previously.

b) With a 32bit app, hugetlb_get_unmapped_area/arch_get_unmapped_area
   may return addresses beyond 32bits, ultimately causing corruption
   because of wrap-around and resulting in SEGFAULT, instead of returning
   ENOMEM.

c) 32bit app doing this below mmap will now fail.

  mmap((void *)(0xFFFFE000UL), 0x10000UL, PROT_READ|PROT_WRITE,
MAP_FIXED|MAP_PRIVATE|MAP_ANON, 0, 0);

Signed-off-by: Zou Nan hai <nanhai.zou@intel.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Andi Kleen <ak@muc.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

arch/x86_64/ia32/ia32_binfmt.c		diff \| blob \| history
arch/x86_64/kernel/process.c		diff \| blob \| history
arch/x86_64/kernel/ptrace.c		diff \| blob \| history
arch/x86_64/kernel/sys_x86_64.c		diff \| blob \| history
arch/x86_64/mm/fault.c		diff \| blob \| history
include/asm-x86_64/a.out.h		diff \| blob \| history
include/asm-x86_64/processor.h		diff \| blob \| history