On Tue, 2017-07-04 at 19:11 +0200, Willy Tarreau wrote: > On Tue, Jul 04, 2017 at 12:36:11PM +0100, Ben Hutchings wrote: > > @@ -2323,11 +2330,17 @@ int expand_downwards(struct vm_area_struct *vma, > > if (error) > > return error; > > > > - /* Enforce stack_guard_gap */ > > + /* > > + * Enforce stack_guard_gap, but allow VM_NONE mappings in the gap > > + * as some applications try to make their own stack guards > > + */ > > gap_addr = address - stack_guard_gap; > > if (gap_addr > address) > > return -ENOMEM; > > - prev = vma->vm_prev; > > + for (prev = vma->vm_prev; > > + prev && !(prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)); > > + prev = prev->vm_prev) > > + ; > > if (prev && prev->vm_end > gap_addr) { > > if (!(prev->vm_flags & VM_GROWSDOWN)) > > return -ENOMEM; > > Hmmm shouldn't we also stop looping when we're out of the gap ?
Yes, either that or only allow one such vma. Ben. > Something like this : > > for (prev = vma->vm_prev; > prev && !(prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && > address - prev->vm_end < stack_guard_gap; > prev = prev->vm_prev) > ; > > This would limit the risk of runaway loops if someone is having fun > allocating a lot of memory in small chunks (eg: 4 GB in 1 million > independant mmap() calls). -- Ben Hutchings Anthony's Law of Force: Don't force it, get a larger hammer.
signature.asc
Description: This is a digitally signed message part