[PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
A malicious 32bit app can have an elf section at 0xffffe000. During
exec of this app, we will have a memory leak as insert_vm_struct() is
not checking for return value in syscall32_setup_pages() and thus not
freeing the vma allocated for the vsyscall page.
Check the return value and free the vma incase of failure.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/arch/x86_64/ia32/syscall32.c b/arch/x86_64/ia32/syscall32.c
index 01d8db1..816a3b8 100644
--- a/arch/x86_64/ia32/syscall32.c
+++ b/arch/x86_64/ia32/syscall32.c
@@ -57,6 +57,7 @@
int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
+ int ret;
vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
if (!vma)
@@ -78,7 +79,11 @@
vma->vm_mm = mm;
down_write(&mm->mmap_sem);
- insert_vm_struct(mm, vma);
+ if ((ret = insert_vm_struct(mm, vma))) {
+ up_write(&mm->mmap_sem);
+ kmem_cache_free(vm_area_cachep, vma);
+ return ret;
+ }
mm->total_vm += npages;
up_write(&mm->mmap_sem);
return 0;