android_kernel_samsung_univ.../fs
Roland McGrath 1b528181b2 setup_arg_pages: diagnose excessive argument size
The CONFIG_STACK_GROWSDOWN variant of setup_arg_pages() does not
check the size of the argument/environment area on the stack.
When it is unworkably large, shift_arg_pages() hits its BUG_ON.
This is exploitable with a very large RLIMIT_STACK limit, to
create a crash pretty easily.

Check that the initial stack is not too large to make it possible
to map in any executable.  We're not checking that the actual
executable (or interpreter, for binfmt_elf) will fit.  So those
mappings might clobber part of the initial stack mapping.  But
that is just userland lossage that userland made happen, not a
kernel problem.

Signed-off-by: Roland McGrath <roland@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-10 08:10:26 -07:00
9p 9p: potential ERR_PTR() dereference 2010-08-30 10:35:28 -05:00
adfs
affs
afs
autofs
autofs4
befs
bfs
btrfs
cachefiles
ceph ceph: fix get_ticket_handler() error handling 2010-08-26 09:26:50 -07:00
cifs Cannot allocate memory error on mount 2010-08-26 16:53:27 +00:00
coda
configfs
cramfs
debugfs
devpts
dlm
ecryptfs eCryptfs: Fix encrypted file name lookup regression 2010-08-27 10:50:53 -05:00
efs
exofs
exportfs
ext2
ext3
ext4
fat
freevxfs
fscache
fuse fuse: fix lock annotations 2010-09-07 13:42:41 +02:00
gfs2
hfs
hfsplus
hostfs
hpfs
hppfs
hugetlbfs
isofs
jbd
jbd2
jffs2
jfs
lockd
logfs
minix minix: fix regression in minix_mkdir() 2010-09-09 18:57:25 -07:00
ncpfs
nfs
nfs_common
nfsd Merge branch 'for-2.6.36' of git://linux-nfs.org/~bfields/linux 2010-09-07 19:21:02 -07:00
nilfs2 nilfs2: fix leak of shadow dat inode in error path of load_nilfs 2010-08-30 10:18:03 +09:00
nls
notify fsnotify: drop two useless bools in the fsnotify main loop 2010-08-27 21:42:11 -04:00
ntfs
ocfs2 ocfs2: Fix orphan add in ocfs2_create_inode_in_orphan 2010-09-08 14:26:00 +08:00
omfs
openpromfs
partitions
proc proc: export uncached bit properly in /proc/kpageflags 2010-09-09 18:57:23 -07:00
qnx4
quota
ramfs
reiserfs
romfs
smbfs
squashfs
sysfs sysfs: checking for NULL instead of ERR_PTR 2010-09-03 17:26:28 -07:00
sysv
ubifs
udf
ufs
xfs Merge branch '2.6.36-xfs-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/xfsdev 2010-09-03 09:02:32 -05:00
aio.c
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c binfmt_misc: fix binfmt_misc priority 2010-09-09 18:57:24 -07:00
binfmt_script.c
binfmt_som.c
bio-integrity.c fs/bio-integrity.c: return -ENOMEM on kmalloc failure 2010-08-23 13:36:59 +02:00
bio.c
block_dev.c
buffer.c
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c
dcache.c
dcookies.c
direct-io.c O_DIRECT: fix the splitting up of contiguous I/O 2010-09-09 18:57:22 -07:00
drop_caches.c
eventfd.c
eventpoll.c
exec.c setup_arg_pages: diagnose excessive argument size 2010-09-10 08:10:26 -07:00
fcntl.c vfs: take O_NONBLOCK out of the O_* uniqueness test 2010-09-09 18:57:25 -07:00
fifo.c
file_table.c
file.c
filesystems.c
fs_struct.c
fs-writeback.c writeback: Fix lost wake-up shutting down writeback thread 2010-08-28 08:52:10 +02:00
generic_acl.c
inode.c
internal.h
ioctl.c
ioprio.c
Kconfig
Kconfig.binfmt
libfs.c
locks.c
Makefile
mbcache.c
mpage.c
namei.c
namespace.c VFS: Sanity check mount flags passed to change_mnt_propagation() 2010-09-07 13:46:20 -07:00
nfsctl.c
no-block.c
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
read_write.c
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c
stack.c
stat.c
statfs.c
super.c
sync.c
timerfd.c
utimes.c
xattr_acl.c
xattr.c