
kernel-2.6.18-238.el5.src.rpm

From: Danny Feng <dfeng@redhat.com>
Date: Fri, 29 Jan 2010 09:26:37 -0500
Subject: [mm] switch do_brk to get_unmapped_area
Message-id: <20100129092649.4587.94918.sendpatchset@dhcp-65-180.nay.redhat.com>
Patchwork-id: 22996
O-Subject: [PATCH RHEL5.5 11/12 BZ556710 CVE-2010-0291] switch do_brk() to
	get_unmapped_area()
Bugzilla: 556710
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Larry Woodman <lwoodman@redhat.com>

backport of upstream commit 2c6a10161d0b5fc047b5bd81b03693b9af99fab5

Subject: [PATCH] switch do_brk() to get_unmapped_area()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/mm/mmap.c b/mm/mmap.c
index d720106..84b1a65 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2037,18 +2037,14 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
 	if (!len)
 		return addr;
 
-	if (((addr + len) > TASK_SIZE) || ((addr + len) < addr) ||
-			is_hugepage_only_range(mm, addr, len))
-		return -EINVAL;
-
 	error = security_file_mmap_addr(0, 0, 0, 0, addr, 1);
 	if (error)
 		return error;
 
 	flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
 
-	error = arch_mmap_check(addr, len, flags);
-	if (error)
+	error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED);
+	if (error & ~PAGE_MASK)
 		return error;
 
 	/*
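Review bot: The `addr + len` wrap test, the TASK_SIZE bound and the hugepage-only range test are no longer performed in do_brk() itself, so the function now relies on get_unmapped_area() rejecting those ranges on the MAP_FIXED path. get_unmapped_area() is not shown on this page, and this is patch 11 of 12, so that guarantee presumably comes from earlier patches in the series; confirm they are applied before this one. A comment above the call would record the dependency, e.g. `/* range, wrap, hugepage and arch_mmap_check() validation is done by get_unmapped_area() for MAP_FIXED */`, and could add that `error & ~PAGE_MASK` treats a page-aligned return as an address and anything else as a negative errno. The declaration of `error` lies outside the hunk; if it is an `int`, the `unsigned long` return value is truncated on 64-bit, which looks harmless for this test but would read more clearly with a separate `unsigned long` local.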