From: Rich Felker Date: Thu, 20 Aug 2015 19:11:06 +0000 (-0400) Subject: fs/binfmt_elf_fdpic.c: fix brk area overlap with stack on NOMMU X-Git-Tag: firefly_0821_release~176^2~751^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4ac313111018cb44ecc250445de5ccb93026a980;p=firefly-linux-kernel-4.4.55.git fs/binfmt_elf_fdpic.c: fix brk area overlap with stack on NOMMU On NOMMU archs, the FDPIC ELF loader sets up the usable brk range to overlap with all but the last PAGE_SIZE bytes of the stack. This leads to catastrophic memory reuse/corruption if brk is used. Fix by setting the brk area to zero size to disable its use. Signed-off-by: Rich Felker Acked-by: David Howells Signed-off-by: Greg Ungerer --- diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index d3634bfb7fe1..d2b079afed0e 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -374,10 +374,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm) PAGE_ALIGN(current->mm->start_brk); #else - /* create a stack and brk area big enough for everyone - * - the brk heap starts at the bottom and works up - * - the stack starts at the top and works down - */ + /* create a stack area and zero-size brk area */ stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK; if (stack_size < PAGE_SIZE * 2) stack_size = PAGE_SIZE * 2; @@ -400,8 +397,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm) current->mm->brk = current->mm->start_brk; current->mm->context.end_brk = current->mm->start_brk; - current->mm->context.end_brk += - (stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0; current->mm->start_stack = current->mm->start_brk + stack_size; #endif