diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-27 08:36:04 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-27 08:36:04 -0800 |
commit | 09884964335e85e897876d17783c2ad33cf8a2e0 (patch) | |
tree | 4cf0ea71bb20c8d81147614e90e53df3368405e5 /virt/kvm/assigned-dev.c | |
parent | d895cb1af15c04c522a25c79cc429076987c089b (diff) | |
download | op-kernel-dev-09884964335e85e897876d17783c2ad33cf8a2e0.zip op-kernel-dev-09884964335e85e897876d17783c2ad33cf8a2e0.tar.gz |
mm: do not grow the stack vma just because of an overrun on preceding vma
The stack vma is designed to grow automatically (marked with VM_GROWSUP
or VM_GROWSDOWN depending on architecture) when an access is made beyond
the existing boundary. However, particularly if you have not limited
your stack at all ("ulimit -s unlimited"), this can cause the stack to
grow even if the access was really just one past *another* segment.
And that's wrong, especially since we first grow the segment, but then
immediately later enforce the stack guard page on the last page of the
segment. So _despite_ first growing the stack segment as a result of
the access, the kernel will then make the access cause a SIGSEGV anyway!
So do the same logic as the guard page check does, and consider an
access to within one page of the next segment to be a bad access, rather
than growing the stack to abut the next segment.
Reported-and-tested-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'virt/kvm/assigned-dev.c')
0 files changed, 0 insertions, 0 deletions