authorRam Gupta <ram.gupta5@gmail.com>2006-04-11 01:52:57 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-04-11 09:18:32 -0400
commit1e624196f43c3a62122959e15c5f03572cdadb5d (patch)
tree4196ccebe125c17dabc011422c6ff251835d1933
parentd6fef9da19b7acd46e04b7dbbba726b3febeca94 (diff)
[PATCH] mm: fix bug in brk()
The code compares newbrk with oldbrk, both of which are page aligned, before checking the memory limit set for the data segment. If the memory limit is not page aligned, the limit test is bypassed when the memory allocation stays within the same page. Signed-off-by: Ram Gupta <ram.gupta5@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--mm/mmap.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index e780d19aa214..eab6fcb65e11 100644
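--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -220,6 +220,17 @@ asmlinkage unsigned long sys_brk(unsigned long brk)
 
 	if (brk < mm->end_code)
 		goto out;
+
+	/*
+	 * Check against rlimit here. If this check is done later after the test
+	 * of oldbrk with newbrk then it can escape the test and let the data
+	 * segment grow beyond its set limit the in case where the limit is
+	 * not page aligned -Ram Gupta
+	 */
+	rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
+	if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
+		goto out;
+
 	newbrk = PAGE_ALIGN(brk);
 	oldbrk = PAGE_ALIGN(mm->brk);
 	if (oldbrk == newbrk)
@@ -232,11 +243,6 @@ asmlinkage unsigned long sys_brk(unsigned long brk)
 		goto out;
 	}
 
-	/* Check against rlimit.. */
-	rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
-	if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
-		goto out;
-
 	/* Check against existing mmap mappings. */
 	if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE))
 		goto out;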
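Review bot: The RLIMIT_DATA test added at new lines 230-232 now runs before everything that sits between the two hunks, and the `goto out; }` context at the top of the second hunk suggests that this includes the path that lowers the break. If so, a task whose limit was reduced below its current usage with setrlimit() would have a shrinking brk() refused whenever the requested value is still above the limit, where the old ordering let it through. Restricting the early test to growth keeps the sub-page fix without that side effect: `if (brk > mm->brk && rlim < RLIM_INFINITY && brk - mm->start_data > rlim)`. The lines between the hunks and the rest of sys_brk are outside this view, so the ordering should be confirmed against the full function.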