From: Chris Wright Date: Sat, 16 Jul 2005 05:40:13 +0000 (-0700) Subject: Add x86_64 malicious 32bit app memleak fix. X-Git-Tag: v2.6.12.3~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5f3e19c5ddbb0194cda74648cf6a5dbadf2f88f8;p=thirdparty%2Fkernel%2Fstable-queue.git Add x86_64 malicious 32bit app memleak fix. --- diff --git a/queue/series b/queue/series index 9911b90974f..7ebb11fbd6d 100644 --- a/queue/series +++ b/queue/series @@ -1,3 +1,4 @@ kbuild-fix-tags-problem-with-o.patch qla2xxx-fc_remote_port_add-failure-fix.patch rocket_c-fix-ldisc-ref-count.patch +x86_64-32bit-memleak.patch diff --git a/queue/x86_64-32bit-memleak.patch b/queue/x86_64-32bit-memleak.patch new file mode 100644 index 00000000000..d3983269152 --- /dev/null +++ b/queue/x86_64-32bit-memleak.patch 
@@ -0,0 +1,47 @@ +From stable-bounces@linux.kernel.org Fri Jul 15 19:18:31 2005 +Date: Fri, 15 Jul 2005 19:17:44 -0700 +From: "Siddha, Suresh B" +To: "Justin M. Forbes" +Cc: torvalds@osdl.org, akpm@osdl.org, "Theodore Ts'o" , + "Siddha, + Suresh B" , + Greg KH , linux-kernel@vger.kernel.org, + Andi Kleen , "Randy.Dunlap" , + Chuck Wolber , stable@kernel.org, + alan@lxorguk.ukuu.org.uk, Zwane Mwaikambo +Subject: [PATCH] x86_64 memleak from malicious 32bit elf program + +malicious 32bit app can have an elf section at 0xffffe000. During +exec of this app, we will have a memory leak as insert_vm_struct() is +not checking for return value in syscall32_setup_pages() and thus not +freeing the vma allocated for the vsyscall page. + +Check the return value and free the vma incase of failure. + +Signed-off-by: Suresh Siddha +Signed-off-by: Chris Wright +--- + +--- linux-2.6.12.2/arch/x86_64/ia32/syscall32.c.orig 2005-06-29 16:00:53.000000000 -0700 ++++ linux-2.6.12.2/arch/x86_64/ia32/syscall32.c 2005-07-15 18:09:06.684409144 -0700 +@@ -57,6 +57,7 @@ + int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT; + struct vm_area_struct *vma; + struct mm_struct *mm = current->mm; ++ int ret; + + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); + if (!vma) +@@ -78,7 +79,11 @@ + vma->vm_mm = mm; + + down_write(&mm->mmap_sem); +- insert_vm_struct(mm, vma); ++ if ((ret = insert_vm_struct(mm, vma))) { ++ up_write(&mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return ret; ++ } + mm->total_vm += npages; + up_write(&mm->mmap_sem); + return 0;
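Review bot: In the last syscall32.c hunk (@@ -78,7 +79,11 @@), the new non-zero return from syscall32_setup_pages() only closes the leak cleanly if the caller checks it, and no caller appears in this patch. Please confirm that the exec path propagates the error, or say in the changelog what happens to the exec when insert_vm_struct() fails. The error branch itself looks right from the visible lines: mmap_sem is released before kmem_cache_free(vm_area_cachep, vma), the vma was never inserted so nothing else can reference it, and mm->total_vm is left untouched on failure. As a style point, the assignment inside the condition in `if ((ret = insert_vm_struct(mm, vma))) {` would read more clearly as `ret = insert_vm_struct(mm, vma);` followed by `if (ret) {`. In the changelog, "incase" should be "in case", and it would help to state why insert_vm_struct() fails when the binary maps a section at 0xffffe000.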