[arch-commits] Commit in linux/trunk (3 files)

Tobias Powalowski tpowa at archlinux.org
Sat Jun 24 07:52:30 UTC 2017 

    Date: Saturday, June 24, 2017 @ 07:52:30
  Author: tpowa
Revision: 299189

upgpkg: linux 4.11.7-1

bump to latest version

Deleted:
  linux/trunk/CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch
  linux/trunk/CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch
  linux/trunk/CVE-2017-1000364.mm-larger-stack-guard-gap-between-vmas.patch

----------------------------------------------------------------------------+
 CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch |   45 ---------
 CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch           |   47 ----------
 2 files changed, 92 deletions(-)

Deleted: CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch
===================================================================
--- CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch	2017-06-24 07:49:57 UTC (rev 299188)
+++ CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch	2017-06-24 07:52:30 UTC (rev 299189)
@@ -1,45 +0,0 @@
-From bd726c90b6b8ce87602208701b208a208e6d5600 Mon Sep 17 00:00:00 2001
-From: Helge Deller <deller at gmx.de>
-Date: Mon, 19 Jun 2017 17:34:05 +0200
-Subject: [PATCH] Allow stack to grow up to address space limit
-
-Fix expand_upwards() on architectures with an upward-growing stack (parisc,
-metag and partly IA-64) to allow the stack to reliably grow exactly up to
-the address space limit given by TASK_SIZE.
-
-Signed-off-by: Helge Deller <deller at gmx.de>
-Acked-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- mm/mmap.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 290b77d9a01e0..a5e3dcd75e79f 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -2230,16 +2230,19 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
- 	if (!(vma->vm_flags & VM_GROWSUP))
- 		return -EFAULT;
- 
--	/* Guard against wrapping around to address 0. */
-+	/* Guard against exceeding limits of the address space. */
- 	address &= PAGE_MASK;
--	address += PAGE_SIZE;
--	if (!address)
-+	if (address >= TASK_SIZE)
- 		return -ENOMEM;
-+	address += PAGE_SIZE;
- 
- 	/* Enforce stack_guard_gap */
- 	gap_addr = address + stack_guard_gap;
--	if (gap_addr < address)
--		return -ENOMEM;
-+
-+	/* Guard against overflow */
-+	if (gap_addr < address || gap_addr > TASK_SIZE)
-+		gap_addr = TASK_SIZE;
-+
- 	next = vma->vm_next;
- 	if (next && next->vm_start < gap_addr) {
- 		if (!(next->vm_flags & VM_GROWSUP))

Deleted: CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch
===================================================================
--- CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch	2017-06-24 07:49:57 UTC (rev 299188)
+++ CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch	2017-06-24 07:52:30 UTC (rev 299189)
@@ -1,47 +0,0 @@
-From f4cb767d76cf7ee72f97dd76f6cfa6c76a5edc89 Mon Sep 17 00:00:00 2001
-From: Hugh Dickins <hughd at google.com>
-Date: Tue, 20 Jun 2017 02:10:44 -0700
-Subject: [PATCH] mm: fix new crash in unmapped_area_topdown()
-
-Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of
-mmap testing.  That's the VM_BUG_ON(gap_end < gap_start) at the
-end of unmapped_area_topdown().  Linus points out how MAP_FIXED
-(which does not have to respect our stack guard gap intentions)
-could result in gap_end below gap_start there.  Fix that, and
-the similar case in its alternative, unmapped_area().
-
-Cc: stable at vger.kernel.org
-Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas")
-Reported-by: Dave Jones <davej at codemonkey.org.uk>
-Debugged-by: Linus Torvalds <torvalds at linux-foundation.org>
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Acked-by: Michal Hocko <mhocko at suse.com>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- mm/mmap.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 8e07976d5e477..290b77d9a01e0 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -1817,7 +1817,8 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
- 		/* Check if current node has a suitable gap */
- 		if (gap_start > high_limit)
- 			return -ENOMEM;
--		if (gap_end >= low_limit && gap_end - gap_start >= length)
-+		if (gap_end >= low_limit &&
-+		    gap_end > gap_start && gap_end - gap_start >= length)
- 			goto found;
- 
- 		/* Visit right subtree if it looks promising */
-@@ -1920,7 +1921,8 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info)
- 		gap_end = vm_start_gap(vma);
- 		if (gap_end < low_limit)
- 			return -ENOMEM;
--		if (gap_start <= high_limit && gap_end - gap_start >= length)
-+		if (gap_start <= high_limit &&
-+		    gap_end > gap_start && gap_end - gap_start >= length)
- 			goto found;
- 
- 		/* Visit left subtree if it looks promising */

Deleted: CVE-2017-1000364.mm-larger-stack-guard-gap-between-vmas.patch
===================================================================
(Binary files differ)

More information about the arch-commits mailing list