--- /dev/null
+From 37511fb5c91db93d8bd6e3f52f86e5a7ff7cfcdf Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Fri, 14 Jul 2017 14:49:38 -0700
+Subject: mm: fix overflow check in expand_upwards()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Helge Deller <deller@gmx.de>
+
+commit 37511fb5c91db93d8bd6e3f52f86e5a7ff7cfcdf upstream.
+
+Jörn Engel noticed that the expand_upwards() function might not return
+-ENOMEM in case the requested address is (unsigned long)-PAGE_SIZE and
+if the architecture didn't defined TASK_SIZE as multiple of PAGE_SIZE.
+
+Affected architectures are arm, frv, m68k, blackfin, h8300 and xtensa
+which all define TASK_SIZE as 0xffffffff, but since none of those have
+an upwards-growing stack we currently have no actual issue.
+
+Nevertheless let's fix this just in case any of the architectures with
+an upward-growing stack (currently parisc, metag and partly ia64) define
+TASK_SIZE similar.
+
+Link: http://lkml.kernel.org/r/20170702192452.GA11868@p100.box
+Fixes: bd726c90b6b8 ("Allow stack to grow up to address space limit")
+Signed-off-by: Helge Deller <deller@gmx.de>
+Reported-by: Jörn Engel <joern@purestorage.com>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/mmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -2232,7 +2232,7 @@ int expand_upwards(struct vm_area_struct
+
+ /* Guard against exceeding limits of the address space. */
+ address &= PAGE_MASK;
+- if (address >= TASK_SIZE)
++ if (address >= (TASK_SIZE & PAGE_MASK))
+ return -ENOMEM;
+ address += PAGE_SIZE;
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
