On Tue, 2017-07-04 at 19:11 +0200, Willy Tarreau wrote:
> On Tue, Jul 04, 2017 at 12:36:11PM +0100, Ben Hutchings wrote:
> > @@ -2323,11 +2330,17 @@ int expand_downwards(struct vm_area_struct *vma,
> > if (error)
> > return error;
> >
> > - /* Enforce stack_guard_gap */
> > + /*
> > + * Enforce stack_guard_gap, but allow VM_NONE mappings in the gap
> > + * as some applications try to make their own stack guards
> > + */
> > gap_addr = address - stack_guard_gap;
> > if (gap_addr > address)
> > return -ENOMEM;
> > - prev = vma->vm_prev;
> > + for (prev = vma->vm_prev;
> > + prev && !(prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
> > + prev = prev->vm_prev)
> > + ;
> > if (prev && prev->vm_end > gap_addr) {
> > if (!(prev->vm_flags & VM_GROWSDOWN))
> > return -ENOMEM;
>
> Hmmm shouldn't we also stop looping when we're out of the gap ?Yes, either that or only allow one such vma. Ben. > Something like this : > > for (prev = vma->vm_prev; > prev && !(prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && > address - prev->vm_end < stack_guard_gap; > prev = prev->vm_prev) > ; > > This would limit the risk of runaway loops if someone is having fun > allocating a lot of memory in small chunks (eg: 4 GB in 1 million > independant mmap() calls). -- Ben Hutchings Anthony's Law of Force: Don't force it, get a larger hammer.
signature.asc
Description: This is a digitally signed message part
