git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Hugh Dickins <hughd@google.com>
	Tue, 20 Jun 2017 09:10:44 +0000 (02:10 -0700)
committer	Juerg Haefliger <juerg.haefliger@canonical.com>
	Mon, 26 Jun 2017 13:14:51 +0000 (15:14 +0200)
commit	25bca9447ee3f64cb86cf726f901304f700d63ca
tree	9122c5e068f7b10358c90bef4c61d042cd0bbf1b	tree
parent	ddeaddb9fa2f5a75ad0ab9fb4469262ca845cdfa	commit \| diff

mm: fix new crash in unmapped_area_topdown()

Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of
mmap testing.  That's the VM_BUG_ON(gap_end < gap_start) at the
end of unmapped_area_topdown().  Linus points out how MAP_FIXED
(which does not have to respect our stack guard gap intentions)
could result in gap_end below gap_start there.  Fix that, and
the similar case in its alternative, unmapped_area().

Cc: stable@vger.kernel.org
Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas")
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Debugged-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
CVE-2017-1000364

(cherry-picked from commit f4cb767d76cf7ee72f97dd76f6cfa6c76a5edc89)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>