Michal Hocko 7175e56fa7 mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack ...

commit 561b5e0709e4a248c67d024d4d94b6e31e3edf2f upstream.

Commit 1be7107fbe18 ("mm: larger stack guard gap, between vmas") has
introduced a regression in some rust and Java environments which are
trying to implement their own stack guard page.  They are punching a new
MAP_FIXED mapping inside the existing stack Vma.

This will confuse expand_{downwards,upwards} into thinking that the
stack expansion would in fact get us too close to an existing non-stack
vma which is a correct behavior wrt safety.  It is a real regression on
the other hand.

Let's work around the problem by considering PROT_NONE mapping as a part
of the stack.  This is a gros hack but overflowing to such a mapping
would trap anyway an we only can hope that usespace knows what it is
doing and handle it propely.

Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas")
Link: http://lkml.kernel.org/r/20170705182849.GA18027@dhcp22.suse.cz
Signed-off-by: Michal Hocko <mhocko@suse.com>
Debugged-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-01-31 12:06:09 +01:00

..

kasan

kasan: respect /proc/sys/kernel/traceoff_on_warning

2017-06-17 06:39:36 +02:00

backing-dev.c

block: fix double-free in the failure path of cgwb_bdi_init()

2017-02-26 11:07:51 +01:00

balloon_compaction.c

virtio_balloon: fix race between migration and ballooning

2016-03-03 15:07:18 -08:00

bootmem.c

bootmem: avoid freeing to bootmem after bootmem is done

2015-09-08 15:35:28 -07:00

cleancache.c

cleancache: remove limit on the number of cleancache enabled filesystems

2015-04-14 16:49:03 -07:00

cma_debug.c

mm/cma_debug: correct size input to bitmap function

2015-07-17 16:39:54 -07:00

cma.c

mm/cma: silence warnings due to max() usage

2016-11-10 16:36:36 +01:00

cma.h

mm: cma: mark cma_bitmap_maxno() inline in header

2015-08-14 15:56:32 -07:00

compaction.c

mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page

2018-01-17 09:35:26 +01:00

debug-pagealloc.c

mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites"

2017-11-24 11:26:29 +01:00

debug.c

mm: make compound_head() robust

2015-11-06 17:50:42 -08:00

dmapool.c

mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd

2015-11-06 17:50:42 -08:00

early_ioremap.c

mm/early_ioremap: use offset_in_page macro

2015-11-05 19:34:48 -08:00

fadvise.c

writeback: implement and use inode_congested()

2015-06-02 08:33:35 -06:00

failslab.c

mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM

2015-11-06 17:50:42 -08:00

filemap.c

mm: do not access page->mapping directly on page_endio

2017-03-12 06:37:25 +01:00

frame_vector.c

mm: fix docbook comment for get_vaddr_frames()

2015-11-05 19:34:48 -08:00

frontswap.c

frontswap: allow multiple backends

2015-06-24 17:49:45 -07:00

gup.c

mm: larger stack guard gap, between vmas

2017-06-26 07:13:11 +02:00

highmem.c

mm/highmem: make kmap cache coloring aware

2014-08-06 18:01:22 -07:00

huge_memory.c

thp: fix MADV_DONTNEED vs. numa balancing race

2017-12-16 10:33:50 +01:00

hugetlb_cgroup.c

mm: make compound_head() robust

2015-11-06 17:50:42 -08:00

hugetlb.c

mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd()

2017-04-08 09:53:32 +02:00

hwpoison-inject.c

hwpoison: use page_cgroup_ino for filtering by memcg

2015-09-10 13:29:01 -07:00

init-mm.c

mm: Add a user_ns owner to mm_struct and fix ptrace permission checks

2017-01-06 11:16:11 +01:00

internal.h

mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries

2017-08-11 09:08:50 -07:00

interval_tree.c

mm: replace vma->sharead.linear with vma->shared

2015-02-10 14:30:31 -08:00

Kconfig

mm: make compound_head() robust

2015-11-06 17:50:42 -08:00

Kconfig.debug

mm/debug_pagealloc: remove obsolete Kconfig options

2015-01-08 15:10:52 -08:00

kmemcheck.c

mm/slab_common: move kmem_cache definition to internal header

2014-10-09 22:25:50 -04:00

kmemleak-test.c

mm/kmemleak-test.c: use pr_fmt for logging

2014-06-06 16:08:18 -07:00

kmemleak.c

mm/kmemleak.c: remove unneeded initialization of object to NULL

2015-11-05 19:34:48 -08:00

ksm.c

mm,ksm: fix endless looping in allocating memory when ksm enable

2016-10-07 15:23:40 +02:00

list_lru.c

mm/list_lru.c: fix list_lru_count_node() to be race free

2017-07-21 07:44:56 +02:00

maccess.c

mm/maccess.c: actually return -EFAULT from strncpy_from_unsafe

2015-11-05 19:34:48 -08:00

madvise.c

mm/madvise.c: fix madvise() infinite loop under special circumstances

2017-12-05 11:22:50 +01:00

Makefile

media updates for v4.3-rc1

2015-09-11 16:42:39 -07:00

memblock.c

mm: consider memblock reservations for deferred memory initialization sizing

2017-06-14 13:16:26 +02:00

memcontrol.c

mm: memcontrol: avoid unused function warning

2017-03-18 19:09:57 +08:00

memory_hotplug.c

base/memory, hotplug: fix a kernel oops in show_valid_zones()

2017-02-09 08:02:47 +01:00

memory-failure.c

mm/memory-failure.c: use compound_head() flags for huge pages

2017-06-26 07:13:10 +02:00

memory.c

mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries

2017-08-11 09:08:50 -07:00

mempolicy.c

mm/mempolicy: fix use after free when calling get_mempolicy

2017-08-24 17:02:35 -07:00

mempool.c

mm/mempool: avoid KASAN marking mempool poison checks as use-after-free

2017-08-12 19:29:09 -07:00

memtest.c

memtest: remove unused header files

2015-09-08 15:35:28 -07:00

migrate.c

Sanitize 'move_pages()' permission checks

2017-08-24 17:02:36 -07:00

mincore.c

mm/mincore: use offset_in_page macro

2015-11-05 19:34:48 -08:00

mlock.c

mlock: fix mlock count can not decrease in race condition

2017-06-07 12:06:01 +02:00

mm_init.c

mm: meminit: remove mminit_verify_page_links

2015-06-30 19:44:56 -07:00

mmap.c

mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack

2018-01-31 12:06:09 +01:00

mmu_context.c

mm/mmu_context, sched/core: Fix mmu_context.h assumption

2017-12-25 14:22:09 +01:00

mmu_notifier.c

mmu-notifier: add clear_young callback

2015-09-10 13:29:01 -07:00

mmzone.c

mm: microoptimize zonelist operations

2015-02-11 17:06:02 -08:00

mprotect.c

mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries

2017-08-11 09:08:50 -07:00

mremap.c

mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries

2017-08-11 09:08:50 -07:00

msync.c

mm/msync: use offset_in_page macro

2015-11-05 19:34:48 -08:00

nobootmem.c

mm: page_alloc: pass PFN to __free_pages_bootmem

2015-06-30 19:44:55 -07:00

nommu.c

mm/nommu.c: drop unlikely inside BUG_ON()

2015-11-05 19:34:48 -08:00

oom_kill.c

mm/oom_kill.c: avoid attempting to kill init sharing same memory

2015-12-12 10:15:34 -08:00

page_alloc.c

mm: check the return value of lookup_page_ext for all call sites

2017-11-24 08:32:25 +01:00

page_counter.c

mm: page_counter: let page_counter_try_charge() return bool

2015-11-05 19:34:48 -08:00

page_ext.c

mm/page_ext.c: check if page_ext is not prepared

2017-11-24 08:32:25 +01:00

page_idle.c

mm: introduce idle page tracking

2015-09-10 13:29:01 -07:00

page_io.c

fs: use helper bio_add_page() instead of open coding on bi_io_vec

2015-08-13 12:32:00 -06:00

page_isolation.c

mm: fix invalid node in alloc_migrate_target()

2016-04-20 15:41:53 +09:00

page_owner.c

mm: check the return value of lookup_page_ext for all call sites

2017-11-24 08:32:25 +01:00

page-writeback.c

mm/page-writeback: fix dirty_ratelimit calculation

2018-01-17 09:35:27 +01:00

pagewalk.c

mm/pagewalk.c: report holes in hugetlb ranges

2017-11-24 08:32:25 +01:00

percpu-km.c

percpu: implmeent pcpu_nr_empty_pop_pages and chunk->nr_populated

2014-09-02 14:46:05 -04:00

percpu-vm.c

percpu: move region iterations out of pcpu_[de]populate_chunk()

2014-09-02 14:46:02 -04:00

percpu.c

percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages

2017-03-26 12:13:20 +02:00

pgtable-generic.c

mm,thp: khugepaged: call pte flush at the time of collapse

2016-02-25 12:01:23 -08:00

process_vm_access.c

ptrace: use fsuid, fsgid, effective creds for fs access checks

2016-02-25 12:01:16 -08:00

quicklist.c

…

readahead.c

mm, fs: introduce mapping_gfp_constraint()

2015-11-06 17:50:42 -08:00

rmap.c

mm/rmap: batched invalidations should use existing api

2017-12-25 14:22:09 +01:00

shmem.c

tmpfs: fix regression hang in fallocate undo

2016-07-27 09:47:40 -07:00

slab_common.c

slub: do not merge cache if slub_debug contains a never-merge flag

2017-10-21 17:09:05 +02:00

slab.c

slab/slub: adjust kmem_cache_alloc_bulk API

2015-11-22 11:58:44 -08:00

slab.h

slab/slub: adjust kmem_cache_alloc_bulk API

2015-11-22 11:58:44 -08:00

slob.c

slab/slub: adjust kmem_cache_alloc_bulk API

2015-11-22 11:58:44 -08:00

slub.c

slub/memcg: cure the brainless abuse of sysfs attributes

2017-06-07 12:06:01 +02:00

sparse-vmemmap.c

…

sparse.c

…

swap_cgroup.c

mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()

2017-07-05 14:37:15 +02:00

swap_state.c

mm: swap: zswap: maybe_preload & refactoring

2015-09-08 15:35:28 -07:00

swap.c

mm: make compound_head() robust

2015-11-06 17:50:42 -08:00

swapfile.c

swapfile: fix memory corruption via malformed swapfile

2016-11-18 10:48:34 +01:00

truncate.c

fs: add i_blocksize()

2017-06-14 13:16:24 +02:00

userfaultfd.c

userfaultfd: avoid mmap_sem read recursion in mcopy_atomic

2015-09-04 16:54:41 -07:00

util.c

proc: revert /proc/<pid>/maps [stack:TID] annotation

2016-09-15 08:27:46 +02:00

vmacache.c

mm/vmacache: inline vmacache_valid_mm()

2015-11-05 19:34:48 -08:00

vmalloc.c

mm: vmalloc: don't remove inexistent guard hole in remove_vm_area()

2015-11-20 16:17:32 -08:00

vmpressure.c

mm: vmpressure: fix sending wrong events on underflow

2017-03-12 06:37:25 +01:00

vmscan.c

mm: fix classzone_idx underflow in shrink_zones()

2017-07-15 11:57:44 +02:00

vmstat.c

proc: much faster /proc/vmstat

2018-01-10 09:27:14 +01:00

workingset.c

mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()

2016-10-28 03:01:34 -04:00

zbud.c

mm: zsmalloc: constify struct zs_pool name

2015-11-06 17:50:42 -08:00

zpool.c

mm: zsmalloc: constify struct zs_pool name

2015-11-06 17:50:42 -08:00

zsmalloc.c

zsmalloc: fix zs_can_compact() integer overflow

2016-05-18 17:06:44 -07:00

zswap.c

zswap: don't param_set_charp while holding spinlock

2018-01-17 09:35:27 +01:00