src/patches/suse-2.6.27.25/patches.xen/xen3-silent-stack-overflow

   1 From: Andrea Arcangeli <andrea@suse.de>
   2 Subject: avoid silent stack overflow over the heap
   3 Patch-mainline: no
   4 References: SUSE44807
   5
   6 x
   7
   8 Signed-off-by: Andrea Arcangeli <andrea@suse.de>
   9
  10 Automatically created from "patches.suse/silent-stack-overflow" by xen-port-patches.py
  11
  12 Index: head-2008-10-13/arch/x86/mm/fault-xen.c
  13 ===================================================================
  14 --- head-2008-10-13.orig/arch/x86/mm/fault-xen.c        2008-10-13 15:28:47.000000000 +0200
  15 +++ head-2008-10-13/arch/x86/mm/fault-xen.c     2008-10-13 15:32:57.000000000 +0200
  16 @@ -598,7 +598,7 @@ void __kprobes do_page_fault(struct pt_r
  17  {
  18         struct task_struct *tsk;
  19         struct mm_struct *mm;
  20 -       struct vm_area_struct *vma;
  21 +       struct vm_area_struct *vma, *prev_vma;
  22         unsigned long address;
  23         int write, si_code;
  24         int fault;
  25 @@ -748,7 +748,13 @@ again:
  26                 if (address + 65536 + 32 * sizeof(unsigned long) < regs->sp)
  27                         goto bad_area;
  28         }
  29 -       if (expand_stack(vma, address))
  30 +       /*
  31 +        * find_vma_prev is just a bit slower, because it cannot
  32 +        * use the mmap_cache, so we run it only in the growsdown
  33 +        * slow path and we leave find_vma in the fast path.
  34 +        */
  35 +       find_vma_prev(current->mm, address, &prev_vma);
  36 +       if (expand_stack(vma, address, prev_vma))
  37                 goto bad_area;
  38  /*
  39   * Ok, we have a good vm_area for this memory access, so