Commit:     d1cabd63262707ad5d6bb730f25b7a2852734595
Parent:     e29e175b0f40cffc86068156733def14a7a533ab
Author:     James Bottomley <[EMAIL PROTECTED]>
AuthorDate: Fri Mar 16 13:38:35 2007 -0800
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Fri Mar 16 19:25:06 2007 -0700

    [PATCH] fix process crash caused by randomisation and 64k pages
    This bug was seen on ppc64, but it could have occurred on any
    architecture with a page size of 64k or above.  The problem is that in
    fs/binfmt_elf.c:randomize_stack_top() randomizes the stack to within
    0x7ff pages.  On 4k page machines, this is 8MB; on 64k page boxes, this
    is 128MB.
    The problem is that the new binary layout (selected in
    arch_pick_mmap_layout) places the mapping segment 128MB or the stack
    rlimit away from the top of the process memory, whichever is larger.  If
    you chose an rlimit of less than 128MB (most defaults are in the 8Mb
    range) then you can end up having your entire stack randomized away.
    The fix is to make randomize_stack_top() only steal at most 8MB, which this
    patch does.  However, I have to point out that even with this, your stack
    rlimit might not be exactly what you get if it's > 128MB, because you're
    still losing the random offset of up to 8MB.
    The true fix should be to leave an explicit gap for the randomization plus
    a buffer when determining mmap_base, but that would involve fixing all the
    Cc: Arjan van de Ven <[EMAIL PROTECTED]>
    Cc: Ingo Molnar <[EMAIL PROTECTED]>
    Cc: Andi Kleen <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
 fs/binfmt_elf.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 51db118..a2fceba 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -507,7 +507,7 @@ out:
-#define STACK_RND_MASK 0x7ff           /* with 4K pages 8MB of VA */
+#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12))    /* 8MB of VA */
 static unsigned long randomize_stack_top(unsigned long stack_top)
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to