On Tue, Jul 04, 2017 at 12:36:11PM +0100, Ben Hutchings wrote:
> @@ -2323,11 +2330,17 @@ int expand_downwards(struct vm_area_struct *vma,
> if (error)
> return error;
>
> - /* Enforce stack_guard_gap */
> + /*
> + * Enforce stack_guard_gap, but allow VM_NONE mappings in the gap
> + * as some applications try to make their own stack guards
> + */
> gap_addr = address - stack_guard_gap;
> if (gap_addr > address)
> return -ENOMEM;
> - prev = vma->vm_prev;
> + for (prev = vma->vm_prev;
> + prev && !(prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC));
> + prev = prev->vm_prev)
> + ;
> if (prev && prev->vm_end > gap_addr) {
> if (!(prev->vm_flags & VM_GROWSDOWN))
> return -ENOMEM;
Hmmm shouldn't we also stop looping when we're out of the gap ? Something
like this :
for (prev = vma->vm_prev;
prev && !(prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) &&
address - prev->vm_end < stack_guard_gap;
prev = prev->vm_prev)
;
This would limit the risk of runaway loops if someone is having fun
allocating a lot of memory in small chunks (eg: 4 GB in 1 million
independant mmap() calls).
Willy
