kernel-2.6.18-238.el5.src.rpm

From: Jiri Pirko <jpirko@redhat.com>
Date: Thu, 19 Aug 2010 11:28:36 -0400
Subject: [mm] fix up some user-visible effects of stack guard page
Message-id: <1282217317-11853-5-git-send-email-jpirko@redhat.com>
Patchwork-id: 27713
O-Subject: [PATCH RHEL5.6 4/5] mm: fix up some user-visible effects of the stack
	guard page
Bugzilla: 607858
CVE: CVE-2010-2240
RH-Acked-by: Rik van Riel <riel@redhat.com>
RH-Acked-by: Jarod Wilson <jarod@redhat.com>

This commit makes the stack guard page somewhat less visible to user
    space. It does this by:

     - not showing the guard page in /proc/<pid>/maps

       It looks like lvm-tools will actually read /proc/self/maps to figure
       out where all its mappings are, and effectively do a specialized
       "mlockall()" in user space.  By not showing the guard page as part of
       the mapping (by just adding PAGE_SIZE to the start for grows-up
       pages), lvm-tools ends up not being aware of it.

    It would perhaps be nice to show the guard page specially in
    /proc/<pid>/maps (or at least mark grow-down segments some way), but
    let's not open ourselves up to more breakage by user space from programs
    that depend on the exact details of the 'maps' file.

    Special thanks to Henrique de Moraes Holschuh for diving into lvm-tools
    source code to see what was going on with the whole new warning.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index d055df3..707cb78 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -170,6 +170,7 @@ static int show_map_internal(struct seq_file *m, void *v, struct mem_size_stats
 	struct file *file = vma->vm_file;
 	int flags = vma->vm_flags;
 	unsigned long ino = 0;
+	unsigned long start;
 	dev_t dev = 0;
 	int len;
 
@@ -179,8 +180,13 @@ static int show_map_internal(struct seq_file *m, void *v, struct mem_size_stats
 		ino = inode->i_ino;
 	}
 
+	/* We don't show the stack guard page in /proc/maps */
+	start = vma->vm_start;
+	if (vma->vm_flags & VM_GROWSDOWN)
+		start += PAGE_SIZE;
+
 	seq_printf(m, "%08lx-%08lx %c%c%c%c %08lx %02x:%02x %lu %n",
-			vma->vm_start,
+			start,
 			vma->vm_end,
 			flags & VM_READ ? 'r' : '-',
 			flags & VM_WRITE ? 'w' : '-',
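
Review bot: the added block before seq_printf() applies `start += PAGE_SIZE` to every VM_GROWSDOWN vma without looking at its length, so a mapping that is exactly one page long would be printed with start equal to vm_end, i.e. as an empty range. Consider guarding the adjustment (for example only when `vma->vm_end - vma->vm_start > PAGE_SIZE`) or stating in the comment why that case cannot occur. Two smaller points in the same lines: the function already caches `vma->vm_flags` in the local `flags` and uses it for the permission characters, so `flags & VM_GROWSDOWN` would be consistent with the rest of the call; and the new comment says "/proc/maps" where the file is /proc/<pid>/maps. The commit message describes the adjustment as being for "grows-up" pages while the code tests VM_GROWSDOWN, so the message and the code should be brought into agreement. Since show_map_internal() also takes a mem_size_stats argument, it is worth confirming that any other output produced through this function is meant to show the shifted start as well.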