[linux] 06/07: fold me "mm: allow to configure stack gap size"

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Mon Jun 19 15:38:53 UTC 2017 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch stretch-security
in repository linux.

commit 5d6501ec976ec09ba736a0023ad0a84d0cbe4ad6
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Fri Jun 16 07:00:14 2017 +0200

    fold me "mm: allow to configure stack gap size"
---
 debian/changelog                                   |  1 +
 ...d-me-mm-allow-to-configure-stack-gap-size.patch | 82 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 84 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index eb7099b..0dc7ff1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ linux (4.9.30-2+deb9u1) UNRELEASED; urgency=medium
   * mm, proc: cap the stack gap for unpopulated growing vmas
   * mm, proc: drop priv parameter from is_stack
   * mm: do not collapse stack gap into THP
+  * fold me "mm: allow to configure stack gap size"
 
  -- Salvatore Bonaccorso <carnil at debian.org>  Tue, 13 Jun 2017 19:05:45 +0200
 
diff --git a/debian/patches/bugfix/all/fold-me-mm-allow-to-configure-stack-gap-size.patch b/debian/patches/bugfix/all/fold-me-mm-allow-to-configure-stack-gap-size.patch
new file mode 100644
index 0000000..b4f209b
--- /dev/null
+++ b/debian/patches/bugfix/all/fold-me-mm-allow-to-configure-stack-gap-size.patch
@@ -0,0 +1,82 @@
+From: Michal Hocko <mhocko at suse.com>
+Date: Fri, 16 Jun 2017 00:06:28 +0200
+Subject: fold me "mm: allow to configure stack gap size"
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000364
+
+- do not rely on is_stack when reporting the gap. show_map_vma has
+  all the information we need
+---
+ fs/proc/task_mmu.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
+index f05faa18d8b6..ec7abc90b844 100644
+--- a/fs/proc/task_mmu.c
++++ b/fs/proc/task_mmu.c
+@@ -278,7 +278,7 @@ static int is_stack(struct vm_area_struct *vma)
+ }
+ 
+ static void
+-show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
++show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid, bool *has_gap)
+ {
+ 	struct mm_struct *mm = vma->vm_mm;
+ 	struct file *file = vma->vm_file;
+@@ -300,11 +300,17 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+ 	start = vma->vm_start;
+ 	end = vma->vm_end;
+ 	if (vma->vm_flags & VM_GROWSDOWN) {
+-		if (stack_guard_area(vma, start))
++		if (stack_guard_area(vma, start)) {
+ 			start = min(end, start + stack_guard_gap);
++			if (has_gap)
++				*has_gap = true;
++		}
+ 	} else if (vma->vm_flags & VM_GROWSUP) {
+-		if (stack_guard_area(vma, end))
++		if (stack_guard_area(vma, end)) {
+ 			end = max(start, end - stack_guard_gap);
++			if (has_gap)
++				*has_gap = true;
++		}
+ 	}
+ 
+ 	seq_setwidth(m, 25 + sizeof(void *) * 6 - 1);
+@@ -361,7 +367,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+ 
+ static int show_map(struct seq_file *m, void *v, int is_pid)
+ {
+-	show_map_vma(m, v, is_pid);
++	show_map_vma(m, v, is_pid, NULL);
+ 	m_cache_vma(m, v);
+ 	return 0;
+ }
+@@ -734,6 +740,7 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+ 		.mm = vma->vm_mm,
+ 		.private = &mss,
+ 	};
++	bool has_gap = false;
+ 
+ 	memset(&mss, 0, sizeof mss);
+ 
+@@ -764,7 +771,7 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+ 	/* mmap_sem is held in m_start */
+ 	walk_page_vma(vma, &smaps_walk);
+ 
+-	show_map_vma(m, vma, is_pid);
++	show_map_vma(m, vma, is_pid, &has_gap);
+ 
+ 	seq_printf(m,
+ 		   "Size:           %8lu kB\n"
+@@ -807,7 +814,7 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+ 		   (vma->vm_flags & VM_LOCKED) ?
+ 			(unsigned long)(mss.pss >> (10 + PSS_SHIFT)) : 0);
+ 
+-	if (is_stack(vma))
++	if (has_gap)
+ 		seq_printf(m, "Stack_Gap:      %8lu kB\n", stack_guard_gap >>10);
+ 
+ 	arch_show_smap(m, vma);
+-- 
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 3b6f1bc..4eb9297 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -125,6 +125,7 @@ bugfix/all/mm-allow-to-configure-stack-gap-size.patch
 bugfix/all/mm-proc-cap-the-stack-gap-for-unpopulated-growing-vm.patch
 bugfix/all/mm-proc-drop-priv-parameter-from-is_stack.patch
 bugfix/all/mm-do-not-collapse-stack-gap-into-THP.patch
+bugfix/all/fold-me-mm-allow-to-configure-stack-gap-size.patch
 
 # Fix exported symbol versions
 bugfix/ia64/revert-ia64-move-exports-to-definitions.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list