authorRich Felker <dalias@libc.org>2015-08-20 15:11:06 -0400
committerGreg Ungerer <gerg@uclinux.org>2015-10-26 09:02:32 +1000
commit4ac313111018cb44ecc250445de5ccb93026a980 (patch)
tree6502ee373ecfe22c40afaf79d19122788796a562
parent32b88194f71d6ae7768a29f87fbba454728273ee (diff)
fs/binfmt_elf_fdpic.c: fix brk area overlap with stack on NOMMU
On NOMMU archs, the FDPIC ELF loader sets up the usable brk range to overlap with all but the last PAGE_SIZE bytes of the stack. This leads to catastrophic memory reuse/corruption if brk is used. Fix by setting the brk area to zero size to disable its use. Signed-off-by: Rich Felker <dalias@libc.org> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Greg Ungerer <gerg@uclinux.org>
-rw-r--r--fs/binfmt_elf_fdpic.c7
1 files changed, 1 insertions, 6 deletions
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index d3634bfb7fe1..d2b079afed0e 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -374,10 +374,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
PAGE_ALIGN(current->mm->start_brk);
#else
- /* create a stack and brk area big enough for everyone
- * - the brk heap starts at the bottom and works up
- * - the stack starts at the top and works down
- */
+ /* create a stack area and zero-size brk area */
stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
if (stack_size < PAGE_SIZE * 2)
stack_size = PAGE_SIZE * 2;
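Review bot: The replacement comment in the `#else` (NOMMU) branch says what is set up but not why the brk area must be empty, which is the part a later maintainer needs in order not to reintroduce the overlap. Going by the commit message and the `start_stack = start_brk + stack_size` assignment in the second hunk, the stack sits directly above `start_brk`, so any non-zero brk range would alias it. I would write it as `/* create a stack area and a zero-size brk area: the stack occupies the region above start_brk, so brk must never grow into it */`. A short matching remark at the `context.end_brk = start_brk` assignment in the second hunk would also help, since that line is what actually enforces the limit. load_elf_fdpic_binary begins and ends outside this hunk, so whether other paths adjust `end_brk` cannot be checked from here.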
@@ -400,8 +397,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
current->mm->brk = current->mm->start_brk;
current->mm->context.end_brk = current->mm->start_brk;
- current->mm->context.end_brk +=
- (stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0;
current->mm->start_stack = current->mm->start_brk + stack_size;
#endif