From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Al Viro <viro@zeniv.linux.org.uk>,
Russell King <rmk+kernel@arm.linux.org.uk>
Subject: [ 10/47] ARM: prevent VM_GROWSDOWN mmaps extending below FIRST_USER_ADDRESS
Date: Fri, 18 May 2012 14:26:59 -0700 [thread overview]
Message-ID: <20120518212650.137110817@linuxfoundation.org> (raw)
In-Reply-To: <20120518212701.GA5023@kroah.com>
3.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell King <rmk+kernel@arm.linux.org.uk>
commit 9b61a4d1b2064dbd0c9e61754305ac852170509f upstream.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mm/fault.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -245,7 +245,9 @@ good_area:
return handle_mm_fault(mm, vma, addr & PAGE_MASK, flags);
check_stack:
- if (vma->vm_flags & VM_GROWSDOWN && !expand_stack(vma, addr))
+ /* Don't allow expansion below FIRST_USER_ADDRESS */
+ if (vma->vm_flags & VM_GROWSDOWN &&
+ addr >= FIRST_USER_ADDRESS && !expand_stack(vma, addr))
goto good_area;
out:
return fault;
next prev parent reply other threads:[~2012-05-18 21:26 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-18 21:27 [ 00/47] 3.3.7-stable review Greg KH
2012-05-18 21:26 ` [ 01/47] ALSA: echoaudio: Remove incorrect part of assertion Greg KH
2012-05-18 21:26 ` [ 02/47] ALSA: HDA: Lessen CPU usage when waiting for chip to respond Greg KH
2012-05-18 21:26 ` [ 03/47] ALSA: hda/realtek - Add missing CD-input pin for MSI-7350 mobo Greg KH
2012-05-18 21:26 ` [ 04/47] ALSA: hda/idt - Fix power-map for speaker-pins with some HP laptops Greg KH
2012-05-18 21:26 ` [ 05/47] usbnet: fix skb traversing races during unlink(v2) Greg KH
2012-05-18 21:26 ` [ 06/47] namespaces, pid_ns: fix leakage on fork() failure Greg KH
2012-05-18 21:26 ` [ 07/47] sparc64: Do not clobber %g2 in xcall_fetch_glob_regs() Greg KH
2012-05-18 21:26 ` [ 08/47] media: marvell-cam: fix an ARM build error Greg KH
2012-05-18 21:26 ` [ 09/47] ARM: 7417/1: vfp: ensure preemption is disabled when enabling VFP access Greg KH
2012-05-18 21:26 ` Greg KH [this message]
2012-05-18 21:27 ` [ 11/47] media: s5p-fimc: Fix locking in subdev set_crop op Greg KH
2012-05-18 21:27 ` [ 12/47] media: rc: Postpone ISR registration Greg KH
2012-05-18 21:27 ` [ 13/47] media: dvb_frontend: fix a regression with DVB-S zig-zag Greg KH
2012-05-18 21:27 ` [ 14/47] ASoC: cs42l73: Sync digital mixer kcontrols to allow for 0dB Greg KH
2012-05-18 21:27 ` [ 15/47] ASoC: wm8994: Fix AIF2ADC power down Greg KH
2012-05-18 21:27 ` [ 16/47] cdc_ether: Ignore bogus union descriptor for RNDIS devices Greg KH
2012-05-18 21:27 ` [ 17/47] cdc_ether: add Novatel USB551L device IDs for FLAG_WWAN Greg KH
2012-05-18 21:27 ` [ 18/47] percpu: pcpu_embed_first_chunk() should free unused parts after all allocs are complete Greg KH
2012-05-18 21:27 ` [ 19/47] kmemleak: Fix the kmemleak tracking of the percpu areas with !SMP Greg KH
2012-05-18 21:27 ` [ 20/47] mtd: fix oops in dataflash driver Greg KH
2012-05-18 21:27 ` [ 21/47] hugetlb: prevent BUG_ON in hugetlb_fault() -> hugetlb_cow() Greg KH
2012-05-18 21:27 ` [ 22/47] mm: nobootmem: fix sign extend problem in __free_pages_memory() Greg KH
2012-05-18 21:27 ` [ 23/47] jffs2: Fix lock acquisition order bug in gc path Greg KH
2012-05-18 21:27 ` [ 24/47] arch/tile: apply commit 74fca9da0 to the compat signal handling as well Greg KH
2012-05-18 21:27 ` [ 25/47] crypto: mv_cesa requires on CRYPTO_HASH to build Greg KH
2012-05-18 21:27 ` [ 26/47] target: Drop incorrect se_lun_acl release for dynamic -> explict ACL conversion Greg KH
2012-05-18 21:27 ` [ 27/47] target: Fix SPC-2 RELEASE bug for multi-session iSCSI client setups Greg KH
2012-05-18 21:27 ` [ 28/47] target: Fix bug in handling of FILEIO + block_device resize ops Greg KH
2012-05-18 21:27 ` [ 29/47] virtio: console: tell host of open ports after resume from s3/s4 Greg KH
2012-05-18 21:27 ` [ 30/47] dm mpath: check if scsi_dh module already loaded before trying to load Greg KH
2012-05-18 21:27 ` [ 31/47] e1000: Prevent reset task killing itself Greg KH
2012-05-18 21:27 ` [ 32/47] MD: Add del_timer_sync to mddev_suspend (fix nasty panic) Greg KH
2012-05-18 21:27 ` [ 33/47] tcp: do_tcp_sendpages() must try to push data out on oom conditions Greg KH
2012-05-18 21:27 ` [ 34/47] init: dont try mounting device as nfs root unless type fully matches Greg KH
2012-05-18 21:27 ` [ 35/47] ext4: avoid deadlock on sync-mounted FS w/o journal Greg KH
2012-05-18 21:27 ` [ 36/47] memcg: free spare array to avoid memory leak Greg KH
2012-05-18 21:27 ` [ 37/47] cifs: fix revalidation test in cifs_llseek() Greg KH
2012-05-18 21:27 ` [ 38/47] compat: Fix RT signal mask corruption via sigprocmask Greg KH
2012-05-18 21:27 ` [ 39/47] dl2k: Clean up rio_ioctl Greg KH
2012-05-18 21:27 ` [ 40/47] OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4 Greg KH
2012-05-18 21:27 ` [ 41/47] i2c-eg20t: change timeout value 50msec to 1000msec Greg KH
2012-05-18 21:27 ` [ 42/47] spi-topcliff-pch: Modify pci-bus number dynamically to get DMA device info Greg KH
2012-05-18 21:27 ` [ 43/47] spi-topcliff-pch: Fix issue for transmitting over 4KByte Greg KH
2012-05-18 21:27 ` [ 44/47] spi-topcliff-pch: supports a spi mode setup and bit order setup by IO control Greg KH
2012-05-18 21:27 ` [ 45/47] spi-topcliff-pch: add recovery processing in case wait-event timeout Greg KH
2012-05-18 21:27 ` [ 46/47] Avoid beyond bounds copy while caching ACL Greg KH
2012-05-18 21:27 ` [ 47/47] Avoid reading past buffer when calling GETACL Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120518212650.137110817@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=rmk+kernel@arm.linux.org.uk \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).