mm, aout: handle vm_brk failures

vm_brk is allowed to fail but load_aout_binary simply ignores the error and happily continues. I haven't noticed any problem from that in real life but later patches will make the failure more likely because vm_brk will become killable (resp. mmap_sem for write waiting will become killable) so we should be more careful now. The error handling should be quite straightforward because there are calls to vm_mmap which check the error properly already. The only notable exception is set_brk which is called after beyond_if label. But nothing indicates that we cannot move it above set_binfmt as the two do not depend on each other and fail before we do set_binfmt and alter reference counting. Signed-off-by: Michal Hocko <mhocko@suse.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Michal Hocko <mhocko@suse.com> 2016-05-23 19:25:36 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2016-05-23 20:04:14 -0400
commit: 864778b154233d3a673c520aa9606777589ecee7 (patch)
tree: 422b045224098ec95b23b1da8a441e25ee52288e
parent: ae7987835643e470cb220e6685bd36d92179ef9c (diff)
2 files changed, 23 insertions, 10 deletions
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index ae6aad1d24f7..f5e737ff0022 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -116,13 +116,13 @@ static struct linux_binfmt aout_format = {
        .min_coredump   = PAGE_SIZE
 };
-static void set_brk(unsigned long start, unsigned long end)
+static unsigned long set_brk(unsigned long start, unsigned long end)
 {
        start = PAGE_ALIGN(start);
        end = PAGE_ALIGN(end);
        if (end <= start)
-                return;
+                return start;
-        vm_brk(start, end - start);
+        return vm_brk(start, end - start);
 }
 #ifdef CONFIG_COREDUMP
@@ -349,7 +349,10 @@ static int load_aout_binary(struct linux_binprm *bprm)
 #endif
                if (!bprm->file->f_op->mmap || (fd_offset & ~PAGE_MASK) != 0) {
-                        vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
+                        error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
+                        if (IS_ERR_VALUE(error))
+                                return error;
                        read_code(bprm->file, N_TXTADDR(ex), fd_offset,
                                        ex.a_text+ex.a_data);
                        goto beyond_if;
@@ -372,10 +375,13 @@ static int load_aout_binary(struct linux_binprm *bprm)
                if (error != N_DATADDR(ex))
                        return error;
        }
 beyond_if:
-        set_binfmt(&aout_format);
+        error = set_brk(current->mm->start_brk, current->mm->brk);
+        if (IS_ERR_VALUE(error))
+                return error;
-        set_brk(current->mm->start_brk, current->mm->brk);
+        set_binfmt(&aout_format);
        current->mm->start_stack =
                (unsigned long)create_aout_tables((char __user *)bprm->p, bprm);
@@ -434,7 +440,9 @@ static int load_aout_library(struct file *file)
                        error_time = jiffies;
                }
 #endif
-                vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+                retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+                if (IS_ERR_VALUE(retval))
+                        goto out;
                read_code(file, start_addr, N_TXTOFF(ex),
                          ex.a_text + ex.a_data);
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index 4c556680fa74..2fab9f130e51 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -297,7 +297,10 @@ static int load_aout_binary(struct linux_binprm * bprm)
                }
                if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
-                        vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
+                        error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
+                        if (IS_ERR_VALUE(error))
+                                return error;
                        read_code(bprm->file, N_TXTADDR(ex), fd_offset,
                                  ex.a_text + ex.a_data);
                        goto beyond_if;
@@ -378,8 +381,10 @@ static int load_aout_library(struct file *file)
                               "N_TXTOFF is not page aligned. Please convert library: %pD\n",
                               file);
                }
-                vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+                retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
-                
+                if (IS_ERR_VALUE(retval))
+                        goto out;
                read_code(file, start_addr, N_TXTOFF(ex),
                          ex.a_text + ex.a_data);
                retval = 0;
author	Michal Hocko <mhocko@suse.com>	2016-05-23 19:25:36 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2016-05-23 20:04:14 -0400
commit	864778b154233d3a673c520aa9606777589ecee7 (patch)
tree	422b045224098ec95b23b1da8a441e25ee52288e
parent	ae7987835643e470cb220e6685bd36d92179ef9c (diff)

diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c index ae6aad1d24f7..f5e737ff0022 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c
@@ -116,13 +116,13 @@ static struct linux_binfmt aout_format = {
116	.min_coredump = PAGE_SIZE	116	.min_coredump = PAGE_SIZE
117	};	117	};
118		118
119	static void set_brk(unsigned long start, unsigned long end)	119	static unsigned long set_brk(unsigned long start, unsigned long end)
120	{	120	{
121	start = PAGE_ALIGN(start);	121	start = PAGE_ALIGN(start);
122	end = PAGE_ALIGN(end);	122	end = PAGE_ALIGN(end);
123	if (end <= start)	123	if (end <= start)
124	return;	124	return start;
125	vm_brk(start, end - start);	125	return vm_brk(start, end - start);
126	}	126	}
127		127
128	#ifdef CONFIG_COREDUMP	128	#ifdef CONFIG_COREDUMP
@@ -349,7 +349,10 @@ static int load_aout_binary(struct linux_binprm *bprm)
349	#endif	349	#endif
350		350
351	if (!bprm->file->f_op->mmap \|\| (fd_offset & ~PAGE_MASK) != 0) {	351	if (!bprm->file->f_op->mmap \|\| (fd_offset & ~PAGE_MASK) != 0) {
352	vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);	352	error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
		353	if (IS_ERR_VALUE(error))
		354	return error;
		355
353	read_code(bprm->file, N_TXTADDR(ex), fd_offset,	356	read_code(bprm->file, N_TXTADDR(ex), fd_offset,
354	ex.a_text+ex.a_data);	357	ex.a_text+ex.a_data);
355	goto beyond_if;	358	goto beyond_if;
@@ -372,10 +375,13 @@ static int load_aout_binary(struct linux_binprm *bprm)
372	if (error != N_DATADDR(ex))	375	if (error != N_DATADDR(ex))
373	return error;	376	return error;
374	}	377	}
		378
375	beyond_if:	379	beyond_if:
376	set_binfmt(&aout_format);	380	error = set_brk(current->mm->start_brk, current->mm->brk);
		381	if (IS_ERR_VALUE(error))
		382	return error;
377		383
378	set_brk(current->mm->start_brk, current->mm->brk);	384	set_binfmt(&aout_format);
379		385
380	current->mm->start_stack =	386	current->mm->start_stack =
381	(unsigned long)create_aout_tables((char __user *)bprm->p, bprm);	387	(unsigned long)create_aout_tables((char __user *)bprm->p, bprm);
@@ -434,7 +440,9 @@ static int load_aout_library(struct file *file)
434	error_time = jiffies;	440	error_time = jiffies;
435	}	441	}
436	#endif	442	#endif
437	vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);	443	retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
		444	if (IS_ERR_VALUE(retval))
		445	goto out;
438		446
439	read_code(file, start_addr, N_TXTOFF(ex),	447	read_code(file, start_addr, N_TXTOFF(ex),
440	ex.a_text + ex.a_data);	448	ex.a_text + ex.a_data);


diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c index 4c556680fa74..2fab9f130e51 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c
@@ -297,7 +297,10 @@ static int load_aout_binary(struct linux_binprm * bprm)
297	}	297	}
298		298
299	if (!bprm->file->f_op->mmap\|\|((fd_offset & ~PAGE_MASK) != 0)) {	299	if (!bprm->file->f_op->mmap\|\|((fd_offset & ~PAGE_MASK) != 0)) {
300	vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);	300	error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
		301	if (IS_ERR_VALUE(error))
		302	return error;
		303
301	read_code(bprm->file, N_TXTADDR(ex), fd_offset,	304	read_code(bprm->file, N_TXTADDR(ex), fd_offset,
302	ex.a_text + ex.a_data);	305	ex.a_text + ex.a_data);
303	goto beyond_if;	306	goto beyond_if;
@@ -378,8 +381,10 @@ static int load_aout_library(struct file *file)
378	"N_TXTOFF is not page aligned. Please convert library: %pD\n",	381	"N_TXTOFF is not page aligned. Please convert library: %pD\n",
379	file);	382	file);
380	}	383	}
381	vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);	384	retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
382		385	if (IS_ERR_VALUE(retval))
		386	goto out;
		387
383	read_code(file, start_addr, N_TXTOFF(ex),	388	read_code(file, start_addr, N_TXTOFF(ex),
384	ex.a_text + ex.a_data);	389	ex.a_text + ex.a_data);
385	retval = 0;	390	retval = 0;