In preparation for allowing vmas to be preserved across exec do not assume that there is no prev vma to pass to mprotect_fixup() in setup_arg_pages(). Also, setup_arg_pages() expands the initial stack of a process by 128k or to the stack size limit, whichever is smaller. expand_stack() assumes there is no vma between the vma passed to it and the address to expand to, so check before calling it. Signed-off-by: Anthony Yznaga <anthony.yznaga@xxxxxxxxxx> --- fs/exec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/exec.c b/fs/exec.c index e6e8a9a70327..262112e5f9f8 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -720,7 +720,7 @@ int setup_arg_pages(struct linux_binprm *bprm, unsigned long stack_shift; struct mm_struct *mm = current->mm; struct vm_area_struct *vma = bprm->vma; - struct vm_area_struct *prev = NULL; + struct vm_area_struct *prev = vma->vm_prev; unsigned long vm_flags; unsigned long stack_base; unsigned long stack_size; @@ -819,6 +819,10 @@ int setup_arg_pages(struct linux_binprm *bprm, else stack_base = vma->vm_start - stack_expand; #endif + if (vma != find_vma(mm, stack_base)) { + ret = -EFAULT; + goto out_unlock; + } current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); if (ret) -- 1.8.3.1
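Review bot: In the first hunk, initializing `prev` from `vma->vm_prev` means `mprotect_fixup()` is now handed a real predecessor, and `mprotect_fixup()` may merge the stack vma into that predecessor when the flags are compatible, returning the merged vma through `prev`; the rest of `setup_arg_pages()` keeps using the original `vma` (and `bprm->vma`) after that call. A short comment at `+ struct vm_area_struct *prev = vma->vm_prev;` explaining why a merge with a preserved neighbour cannot happen here (or how the callers of `prev` cope if it does) would make the change reviewable on its own, since the commit message only says the old assumption is dropped.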
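Review bot: In the second hunk, the new `find_vma()` check sits after `#endif`, so it also runs in the configuration selected by the other preprocessor branch above `else stack_base = vma->vm_start - stack_expand;`, i.e. the stack-grows-up layout where `stack_base` lies above `vma->vm_end`. There `find_vma(mm, stack_base)` returns the first vma ending above `stack_base`, which can never be `vma`, so exec would fail with `-EFAULT` unconditionally; the check should be confined to the grows-down branch or written in terms of the vma that actually follows `vma` for the grows-up case. Separately, rejecting the exec outright when a mapping sits between `stack_base` and `vma->vm_start` is a new user-visible failure; consider clamping the expansion (for example to that mapping's `vm_end`) instead of returning `-EFAULT`, or stating in the commit message why failing is the intended behaviour.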