fs/binfmt_elf_fdpic.c: fix brk area overlap with stack on NOMMU
authorRich Felker <dalias@libc.org>
Thu, 20 Aug 2015 19:11:06 +0000 (15:11 -0400)
committerGreg Ungerer <gerg@uclinux.org>
Sun, 25 Oct 2015 23:02:32 +0000 (09:02 +1000)
On NOMMU archs, the FDPIC ELF loader sets up the usable brk range to
overlap with all but the last PAGE_SIZE bytes of the stack. This leads
to catastrophic memory reuse/corruption if brk is used. Fix by setting
the brk area to zero size to disable its use.

Signed-off-by: Rich Felker <dalias@libc.org>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
fs/binfmt_elf_fdpic.c

index d3634bfb7fe187b4de899e809188319c08b6ac23..d2b079afed0e627e817d061c8861da4bcb4755df 100644 (file)
@@ -374,10 +374,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
                PAGE_ALIGN(current->mm->start_brk);
 
 #else
-       /* create a stack and brk area big enough for everyone
-        * - the brk heap starts at the bottom and works up
-        * - the stack starts at the top and works down
-        */
+       /* create a stack area and zero-size brk area */
        stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
        if (stack_size < PAGE_SIZE * 2)
                stack_size = PAGE_SIZE * 2;
@@ -400,8 +397,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
 
        current->mm->brk = current->mm->start_brk;
        current->mm->context.end_brk = current->mm->start_brk;
-       current->mm->context.end_brk +=
-               (stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0;
        current->mm->start_stack = current->mm->start_brk + stack_size;
 #endif
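Review bot: With `end_brk` now left equal to `start_brk`, nothing in the code records why the brk area is deliberately empty; the new comment in the first hunk (`/* create a stack area and zero-size brk area */`) gives the what but not the why, and the rationale lives only in the commit message. I would extend that comment to `/* create a stack area and a zero-size brk area: on NOMMU a non-empty brk range would overlap the stack allocation, so brk is disabled here */`. The `stack_size < PAGE_SIZE * 2` minimum in the first hunk appears to predate this change and may have been sized for both regions; whether two pages are still needed for the stack alone is not visible here and worth confirming. Note also that `start_stack` is still `start_brk + stack_size`, so the fix presumably relies on the brk syscall refusing any growth once `brk == end_brk`; that check is outside this file. `load_elf_fdpic_binary` begins and ends outside the hunk.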