diff options
| author |   Roman Gushchin <klamm@yandex-team.ru> | 2015-02-11 15:28:42 -0800 |
|---|---|---|
| committer |   Linus Torvalds <torvalds@linux-foundation.org> | 2015-02-11 17:06:07 -0800 |
| commit | 8138a67a5557ffea3a21dfd6f037842d4e748513 (patch) | |
| tree | 437e800e5cead199af4ac5512e5b42c8ff61900b /drivers/tty | |
| parent | mm/mmap.c: fix arithmetic overflow in __vm_enough_memory() (diff) | |
| download | linux-dev-8138a67a5557ffea3a21dfd6f037842d4e748513.tar.xz linux-dev-8138a67a5557ffea3a21dfd6f037842d4e748513.zip | |
mm/nommu.c: fix arithmetic overflow in __vm_enough_memory()
I noticed that "allowed" can easily overflow by falling below 0, because
(total_vm / 32) can be larger than "allowed". The problem occurs in
OVERCOMMIT_NONE mode.
In this case, a huge allocation can success and overcommit the system
(despite OVERCOMMIT_NONE mode). All subsequent allocations will fall
(system-wide), so system become unusable.
The problem was masked out by commit c9b1d0981fcc
("mm: limit growth of 3% hardcoded other user reserve"),
but it's easy to reproduce it on older kernels:
1) set overcommit_memory sysctl to 2
2) mmap() large file multiple times (with VM_SHARED flag)
3) try to malloc() large amount of memory
It also can be reproduced on newer kernels, but miss-configured
sysctl_user_reserve_kbytes is required.
Fix this issue by switching to signed arithmetic here.
Signed-off-by: Roman Gushchin <klamm@yandex-team.ru>
Cc: Andrew Shewmaker <agshew@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/tty')
0 files changed, 0 insertions, 0 deletions