Sophie


kernel-2.6.18-238.el5.src.rpm

From: Jiri Pirko <jpirko@redhat.com>
Date: Thu, 19 Aug 2010 11:32:22 -0400
Subject: [mm] fix missing unmap for stack guard page failure case
Message-id: <20100819113221.GA2762@psychotron.brq.redhat.com>
Patchwork-id: 27716
O-Subject: [PATCH RHEL5.6 2/5] mm: fix missing page table unmap for stack guard
	page failure case
Bugzilla: 607858
CVE: CVE-2010-2240
RH-Acked-by: Rik van Riel <riel@redhat.com>
RH-Acked-by: Jarod Wilson <jarod@redhat.com>

.. which didn't show up in my tests because it's a no-op on x86-64 and
    most other architectures.  But we enter the function with the last-level
    page table mapped, and should unmap it at exit.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>

diff --git a/mm/memory.c b/mm/memory.c
index fef663d..2be90cb 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2385,8 +2385,10 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
 	spinlock_t *ptl;
 	pte_t entry;
 
-	if (check_stack_guard_page(vma, address) < 0)
+	if (check_stack_guard_page(vma, address) < 0) {
+		pte_unmap(page_table);
 		return VM_FAULT_SIGBUS;
+	}
 
 	if (write_access) {
 		/* Allocate our own private page. */
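Review bot: The early return on check_stack_guard_page() failure now depends on an invariant that only the commit message states: do_anonymous_page() is entered with the last-level page table mapped, and every exit must unmap it. A short comment above the check saying so would help keep later early returns from repeating the omission. Because the message notes that pte_unmap() is a no-op on x86-64 and most other architectures, the description should also name a configuration where it does real work, so the failure path can actually be exercised in testing.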