From: Danny Feng <dfeng@redhat.com>
Date: Fri, 29 Jan 2010 09:26:21 -0500
Subject: [mm] get rid of open-coding in ia64_brk
Message-id: <20100129092633.4587.95586.sendpatchset@dhcp-65-180.nay.redhat.com>
Patchwork-id: 22993
O-Subject: [PATCH RHEL5.5 9/12 BZ556710 CVE-2010-0291] Get rid of open-coding in
ia64_brk()
Bugzilla: 556710
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Larry Woodman <lwoodman@redhat.com>
backport of upstream commit bb52d6694002b9d632bb355f64daa045c6293a4e
Subject: [PATCH] Get rid of open-coding in ia64_brk()
The comment in there used to be true, but these days do_brk() does
the arch-specific check that covers what we open-coded here. So we
can use sys_brk() just fine, only need to do force_successful_syscall_return()
after it.
See commit 3a459756810912d2c2bf188cef566af255936b4d - that's when the
checks in do_brk() had been originally added.
Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c
index 7cb5298..8e78aab 100644
--- a/arch/ia64/kernel/sys_ia64.c
+++ b/arch/ia64/kernel/sys_ia64.c
@@ -94,51 +94,7 @@ sys_getpagesize (void)
asmlinkage unsigned long
ia64_brk (unsigned long brk)
{
- unsigned long rlim, retval, newbrk, oldbrk;
- struct mm_struct *mm = current->mm;
-
- /*
- * Most of this replicates the code in sys_brk() except for an additional safety
- * check and the clearing of r8. However, we can't call sys_brk() because we need
- * to acquire the mmap_sem before we can do the test...
- */
- down_write(&mm->mmap_sem);
-
- if (brk < mm->end_code)
- goto out;
- newbrk = PAGE_ALIGN(brk);
- oldbrk = PAGE_ALIGN(mm->brk);
- if (oldbrk == newbrk)
- goto set_brk;
-
- /* Always allow shrinking brk. */
- if (brk <= mm->brk) {
- if (!do_munmap(mm, newbrk, oldbrk-newbrk))
- goto set_brk;
- goto out;
- }
-
- /* Check against unimplemented/unmapped addresses: */
- if ((newbrk - oldbrk) > RGN_MAP_LIMIT || REGION_OFFSET(newbrk) > RGN_MAP_LIMIT)
- goto out;
-
- /* Check against rlimit.. */
- rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
- if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
- goto out;
-
- /* Check against existing mmap mappings. */
- if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE))
- goto out;
-
- /* Ok, looks good - let it rip. */
- if (do_brk(oldbrk, newbrk-oldbrk) != oldbrk)
- goto out;
-set_brk:
- mm->brk = brk;
-out:
- retval = mm->brk;
- up_write(&mm->mmap_sem);
+ unsigned long retval = sys_brk(brk);
force_successful_syscall_return();
return retval;
}
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
27922b4260f65d317aabda37e42bbbff
>
files
>
2222
