[arch-commits] Commit in linux/trunk (3 files)
Tobias Powalowski
tpowa at archlinux.org
Sat Jun 24 07:52:30 UTC 2017
Date: Saturday, June 24, 2017 @ 07:52:30
Author: tpowa
Revision: 299189
upgpkg: linux 4.11.7-1
bump to latest version
Deleted:
linux/trunk/CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch
linux/trunk/CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch
linux/trunk/CVE-2017-1000364.mm-larger-stack-guard-gap-between-vmas.patch
----------------------------------------------------------------------------+
CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch | 45 ---------
CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch | 47 ----------
2 files changed, 92 deletions(-)
Deleted: CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch
===================================================================
--- CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch 2017-06-24 07:49:57 UTC (rev 299188)
+++ CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch 2017-06-24 07:52:30 UTC (rev 299189)
@@ -1,45 +0,0 @@
-From bd726c90b6b8ce87602208701b208a208e6d5600 Mon Sep 17 00:00:00 2001
-From: Helge Deller <deller at gmx.de>
-Date: Mon, 19 Jun 2017 17:34:05 +0200
-Subject: [PATCH] Allow stack to grow up to address space limit
-
-Fix expand_upwards() on architectures with an upward-growing stack (parisc,
-metag and partly IA-64) to allow the stack to reliably grow exactly up to
-the address space limit given by TASK_SIZE.
-
-Signed-off-by: Helge Deller <deller at gmx.de>
-Acked-by: Hugh Dickins <hughd at google.com>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- mm/mmap.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 290b77d9a01e0..a5e3dcd75e79f 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -2230,16 +2230,19 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
- if (!(vma->vm_flags & VM_GROWSUP))
- return -EFAULT;
-
-- /* Guard against wrapping around to address 0. */
-+ /* Guard against exceeding limits of the address space. */
- address &= PAGE_MASK;
-- address += PAGE_SIZE;
-- if (!address)
-+ if (address >= TASK_SIZE)
- return -ENOMEM;
-+ address += PAGE_SIZE;
-
- /* Enforce stack_guard_gap */
- gap_addr = address + stack_guard_gap;
-- if (gap_addr < address)
-- return -ENOMEM;
-+
-+ /* Guard against overflow */
-+ if (gap_addr < address || gap_addr > TASK_SIZE)
-+ gap_addr = TASK_SIZE;
-+
- next = vma->vm_next;
- if (next && next->vm_start < gap_addr) {
- if (!(next->vm_flags & VM_GROWSUP))
Deleted: CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch
===================================================================
--- CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch 2017-06-24 07:49:57 UTC (rev 299188)
+++ CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch 2017-06-24 07:52:30 UTC (rev 299189)
@@ -1,47 +0,0 @@
-From f4cb767d76cf7ee72f97dd76f6cfa6c76a5edc89 Mon Sep 17 00:00:00 2001
-From: Hugh Dickins <hughd at google.com>
-Date: Tue, 20 Jun 2017 02:10:44 -0700
-Subject: [PATCH] mm: fix new crash in unmapped_area_topdown()
-
-Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of
-mmap testing. That's the VM_BUG_ON(gap_end < gap_start) at the
-end of unmapped_area_topdown(). Linus points out how MAP_FIXED
-(which does not have to respect our stack guard gap intentions)
-could result in gap_end below gap_start there. Fix that, and
-the similar case in its alternative, unmapped_area().
-
-Cc: stable at vger.kernel.org
-Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas")
-Reported-by: Dave Jones <davej at codemonkey.org.uk>
-Debugged-by: Linus Torvalds <torvalds at linux-foundation.org>
-Signed-off-by: Hugh Dickins <hughd at google.com>
-Acked-by: Michal Hocko <mhocko at suse.com>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- mm/mmap.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 8e07976d5e477..290b77d9a01e0 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -1817,7 +1817,8 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
- /* Check if current node has a suitable gap */
- if (gap_start > high_limit)
- return -ENOMEM;
-- if (gap_end >= low_limit && gap_end - gap_start >= length)
-+ if (gap_end >= low_limit &&
-+ gap_end > gap_start && gap_end - gap_start >= length)
- goto found;
-
- /* Visit right subtree if it looks promising */
-@@ -1920,7 +1921,8 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info)
- gap_end = vm_start_gap(vma);
- if (gap_end < low_limit)
- return -ENOMEM;
-- if (gap_start <= high_limit && gap_end - gap_start >= length)
-+ if (gap_start <= high_limit &&
-+ gap_end > gap_start && gap_end - gap_start >= length)
- goto found;
-
- /* Visit left subtree if it looks promising */
Deleted: CVE-2017-1000364.mm-larger-stack-guard-gap-between-vmas.patch
===================================================================
(Binary files differ)
More information about the arch-commits
mailing list