diff options
| author |   Suresh Siddha <suresh.b.siddha@intel.com> | 2005-06-21 17:14:32 -0700 |
|---|---|---|
| committer |   Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-06-21 18:46:12 -0700 |
| commit | 84929801e14d968caeb84795bfbb88f04283fbd9 (patch) | |
| tree | 248fa9fd6cfb411a6df3b7f7fb42aa4f9ceca2bf /include/net/route.h | |
| parent | [PATCH] coverity: idr_get_new_above_int() overrun fix (diff) | |
| download | linux-dev-84929801e14d968caeb84795bfbb88f04283fbd9.tar.xz linux-dev-84929801e14d968caeb84795bfbb88f04283fbd9.zip | |
[PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
Appended patch will setup compatibility mode TASK_SIZE properly. This will
fix atleast three known bugs that can be encountered while running
compatibility mode apps.
a) A malicious 32bit app can have an elf section at 0xffffe000. During
exec of this app, we will have a memory leak as insert_vm_struct() is
not checking for return value in syscall32_setup_pages() and thus not
freeing the vma allocated for the vsyscall page. And instead of exec
failing (as it has addresses > TASK_SIZE), we were allowing it to
succeed previously.
b) With a 32bit app, hugetlb_get_unmapped_area/arch_get_unmapped_area
may return addresses beyond 32bits, ultimately causing corruption
because of wrap-around and resulting in SEGFAULT, instead of returning
ENOMEM.
c) 32bit app doing this below mmap will now fail.
mmap((void *)(0xFFFFE000UL), 0x10000UL, PROT_READ|PROT_WRITE,
MAP_FIXED|MAP_PRIVATE|MAP_ANON, 0, 0);
Signed-off-by: Zou Nan hai <nanhai.zou@intel.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Andi Kleen <ak@muc.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/net/route.h')
0 files changed, 0 insertions, 0 deletions