[people/teissler/ipfire-2.x.git] / src / patches / suse-2.6.27.25 / patches.xen / xen3-silent-stack-overflow

From: Andrea Arcangeli <andrea@suse.de>
Subject: avoid silent stack overflow over the heap
Patch-mainline: no
References: SUSE44807

x

Signed-off-by: Andrea Arcangeli <andrea@suse.de>

Automatically created from "patches.suse/silent-stack-overflow" by xen-port-patches.py

Index: head-2008-10-13/arch/x86/mm/fault-xen.c
===================================================================
--- head-2008-10-13.orig/arch/x86/mm/fault-xen.c	2008-10-13 15:28:47.000000000 +0200
+++ head-2008-10-13/arch/x86/mm/fault-xen.c	2008-10-13 15:32:57.000000000 +0200
@@ -598,7 +598,7 @@ void __kprobes do_page_fault(struct pt_r
 {
 	struct task_struct *tsk;
 	struct mm_struct *mm;
-	struct vm_area_struct *vma;
+	struct vm_area_struct *vma, *prev_vma;
 	unsigned long address;
 	int write, si_code;
 	int fault;
@@ -748,7 +748,13 @@ again:
 		if (address + 65536 + 32 * sizeof(unsigned long) < regs->sp)
 			goto bad_area;
 	}
-	if (expand_stack(vma, address))
+	/*
+	 * find_vma_prev is just a bit slower, because it cannot
+	 * use the mmap_cache, so we run it only in the growsdown
+	 * slow path and we leave find_vma in the fast path.
+	 */
+	find_vma_prev(current->mm, address, &prev_vma);
+	if (expand_stack(vma, address, prev_vma))
 		goto bad_area;
 /*
  * Ok, we have a good vm_area for this memory access, so
Commit	Line	Data
00e5a55c BS	1	From: Andrea Arcangeli <andrea@suse.de>
	2	Subject: avoid silent stack overflow over the heap
	3	Patch-mainline: no
	4	References: SUSE44807
	5
	6	x
	7
	8	Signed-off-by: Andrea Arcangeli <andrea@suse.de>
	9
	10	Automatically created from "patches.suse/silent-stack-overflow" by xen-port-patches.py
	11
	12	Index: head-2008-10-13/arch/x86/mm/fault-xen.c
	13	===================================================================
	14	--- head-2008-10-13.orig/arch/x86/mm/fault-xen.c 2008-10-13 15:28:47.000000000 +0200
	15	+++ head-2008-10-13/arch/x86/mm/fault-xen.c 2008-10-13 15:32:57.000000000 +0200
	16	@@ -598,7 +598,7 @@ void __kprobes do_page_fault(struct pt_r
	17	{
	18	struct task_struct *tsk;
	19	struct mm_struct *mm;
	20	- struct vm_area_struct *vma;
	21	+ struct vm_area_struct vma, prev_vma;
	22	unsigned long address;
	23	int write, si_code;
	24	int fault;
	25	@@ -748,7 +748,13 @@ again:
	26	if (address + 65536 + 32 * sizeof(unsigned long) < regs->sp)
	27	goto bad_area;
	28	}
	29	- if (expand_stack(vma, address))
	30	+ /*
	31	+ * find_vma_prev is just a bit slower, because it cannot
	32	+ * use the mmap_cache, so we run it only in the growsdown
	33	+ * slow path and we leave find_vma in the fast path.
	34	+ */
	35	+ find_vma_prev(current->mm, address, &prev_vma);
	36	+ if (expand_stack(vma, address, prev_vma))
	37	goto bad_area;
	38	/*
	39	* Ok, we have a good vm_area for this memory access, so