authorAlan Cox <alan@lxorguk.ukuu.org.uk>2007-08-22 17:01:28 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-08-22 22:52:45 -0400
commit34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7 (patch)
tree91d620288f1aaf63c12dc84ca1015465818601f2 /mm/mmap.c
parentafe1ab4d577892822de2c8e803fbfaed6ec44ba3 (diff)
fix NULL pointer dereference in __vm_enough_memory()
The new exec code inserts an accounted vma into an mm struct which is not current->mm. The existing memory check code has a hard coded assumption that this does not happen as does the security code. As the correct mm is known we pass the mm to the security method and the helper function. A new security test is added for the case where we need to pass the mm and the existing one is modified to pass current->mm to avoid the need to change large amounts of code. (Thanks to Tobias for fixing rejects and testing) Signed-off-by: Alan Cox <alan@redhat.com> Cc: WU Fengguang <wfg@mail.ustc.edu.cn> Cc: James Morris <jmorris@redhat.com> Cc: Tobias Diedrich <ranma+kernel@tdiedrich.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/mmap.c')
-rw-r--r--mm/mmap.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index b6537211b9cc..0d40e66c841b 100644
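--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -93,7 +93,7 @@ atomic_t vm_committed_space = ATOMIC_INIT(0);
  * Note this is a helper function intended to be used by LSMs which
  * wish to use this logic.
  */
-int __vm_enough_memory(long pages, int cap_sys_admin)
+int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
 {
  unsigned long free, allowed;
 
@@ -166,7 +166,7 @@ int __vm_enough_memory(long pages, int cap_sys_admin)
 
  /* Don't let a single process grow too big:
  leave 3% of the size of this process for other processes */
- allowed -= current->mm->total_vm / 32;
+ allowed -= mm->total_vm / 32;
 
  /*
  * cast `allowed' as a signed long because vm_committed_space
@@ -2077,7 +2077,7 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
  if (__vma && __vma->vm_start < vma->vm_end)
  return -ENOMEM;
  if ((vma->vm_flags & VM_ACCOUNT) &&
- security_vm_enough_memory(vma_pages(vma)))
+ security_vm_enough_memory_mm(mm, vma_pages(vma)))
  return -ENOMEM;
  vma_link(mm, vma, prev, rb_link, rb_parent);
  return 0;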
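Review bot: The new `mm` argument is dereferenced unconditionally at line 169 (`allowed -= mm->total_vm / 32;`), so the helper now relies on every caller passing a valid mm. Per the description, the existing security test is changed to pass `current->mm`, which would be NULL if that path is ever reached from a context without a user address space; that wrapper is outside this file section, so this is inferred rather than visible here. A guard such as `if (mm) allowed -= mm->total_vm / 32;` would keep the helper safe for both entry points. The comment block above `__vm_enough_memory()` should also say that `mm` is the address space being charged and whether NULL is permitted. Most of the function body lies outside the shown hunks.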