aboutsummaryrefslogtreecommitdiffstats
path: root/arch/sparc64/kernel
diff options
context:
space:
mode:
authorKirill Korotaev <dev@openvz.org>2006-09-07 06:17:04 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-08 11:40:46 -0400
commit3a459756810912d2c2bf188cef566af255936b4d (patch)
tree1b52d90a2412811ebf5078b4f55112864e1890df /arch/sparc64/kernel
parent10387e5eb45c6e48d67102b88229f5bc6037461c (diff)
[PATCH] IA64,sparc: local DoS with corrupted ELFs
This prevents cross-region mappings on IA64 and SPARC which could lead to system crash. They were correctly trapped for normal mmap() calls, but not for the kernel internal calls generated by executable loading. This code just moves the architecture-specific cross-region checks into an arch-specific "arch_mmap_check()" macro, and defines that for the architectures that needed it (ia64, sparc and sparc64). Architectures that don't have any special requirements can just ignore the new cross-region check, since the mmap() code will just notice on its own when the macro isn't defined. Signed-off-by: Pavel Emelianov <xemul@openvz.org> Signed-off-by: Kirill Korotaev <dev@openvz.org> Acked-by: David Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> [ Cleaned up to not affect architectures that don't need it ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch/sparc64/kernel')
-rw-r--r--arch/sparc64/kernel/sys_sparc.c36
1 files changed, 20 insertions, 16 deletions
diff --git a/arch/sparc64/kernel/sys_sparc.c b/arch/sparc64/kernel/sys_sparc.c
index 054d0abdb7ee..bf5f14ee73de 100644
--- a/arch/sparc64/kernel/sys_sparc.c
+++ b/arch/sparc64/kernel/sys_sparc.c
@@ -548,6 +548,26 @@ asmlinkage long sparc64_personality(unsigned long personality)
548 return ret; 548 return ret;
549} 549}
550 550
551int sparc64_mmap_check(unsigned long addr, unsigned long len,
552 unsigned long flags)
553{
554 if (test_thread_flag(TIF_32BIT)) {
555 if (len >= STACK_TOP32)
556 return -EINVAL;
557
558 if ((flags & MAP_FIXED) && addr > STACK_TOP32 - len)
559 return -EINVAL;
560 } else {
561 if (len >= VA_EXCLUDE_START)
562 return -EINVAL;
563
564 if ((flags & MAP_FIXED) && invalid_64bit_range(addr, len))
565 return -EINVAL;
566 }
567
568 return 0;
569}
570
551/* Linux version of mmap */ 571/* Linux version of mmap */
552asmlinkage unsigned long sys_mmap(unsigned long addr, unsigned long len, 572asmlinkage unsigned long sys_mmap(unsigned long addr, unsigned long len,
553 unsigned long prot, unsigned long flags, unsigned long fd, 573 unsigned long prot, unsigned long flags, unsigned long fd,
@@ -563,27 +583,11 @@ asmlinkage unsigned long sys_mmap(unsigned long addr, unsigned long len,
563 } 583 }
564 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); 584 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
565 len = PAGE_ALIGN(len); 585 len = PAGE_ALIGN(len);
566 retval = -EINVAL;
567
568 if (test_thread_flag(TIF_32BIT)) {
569 if (len >= STACK_TOP32)
570 goto out_putf;
571
572 if ((flags & MAP_FIXED) && addr > STACK_TOP32 - len)
573 goto out_putf;
574 } else {
575 if (len >= VA_EXCLUDE_START)
576 goto out_putf;
577
578 if ((flags & MAP_FIXED) && invalid_64bit_range(addr, len))
579 goto out_putf;
580 }
581 586
582 down_write(&current->mm->mmap_sem); 587 down_write(&current->mm->mmap_sem);
583 retval = do_mmap(file, addr, len, prot, flags, off); 588 retval = do_mmap(file, addr, len, prot, flags, off);
584 up_write(&current->mm->mmap_sem); 589 up_write(&current->mm->mmap_sem);
585 590
586out_putf:
587 if (file) 591 if (file)
588 fput(file); 592 fput(file);
589out: 593out: