From: Eric Paris Date: Mon, 26 Nov 2007 23:47:26 +0000 (-0500) Subject: security: protect from stack expantion into low vm addresses X-Git-Tag: v2.6.24-rc5~63^2~2 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8869477a49c3e99def1fcdadd6bbc407fea14b45;p=linux-2.6 security: protect from stack expantion into low vm addresses Add security checks to make sure we are not attempting to expand the stack into memory protected by mmap_min_addr Signed-off-by: Eric Paris Signed-off-by: James Morris --- diff --git a/mm/mmap.c b/mm/mmap.c index facc1a75bd..938313c76d 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1615,6 +1615,12 @@ static inline int expand_downwards(struct vm_area_struct *vma, */ if (unlikely(anon_vma_prepare(vma))) return -ENOMEM; + + address &= PAGE_MASK; + error = security_file_mmap(0, 0, 0, 0, address, 1); + if (error) + return error; + anon_vma_lock(vma); /* @@ -1622,8 +1628,6 @@ static inline int expand_downwards(struct vm_area_struct *vma, * is required to hold the mmap_sem in read mode. We need the * anon_vma lock to serialize against concurrent expand_stacks. */ - address &= PAGE_MASK; - error = 0; /* Somebody else might have raced and expanded it already */ if (address < vma->vm_start) {