summaryrefslogtreecommitdiff
path: root/fs/exec.c
diff options
context:
space:
mode:
authorStefan Agner <stefan.agner@toradex.com>2017-09-26 16:04:08 +0200
committerStefan Agner <stefan.agner@toradex.com>2017-09-26 18:11:18 +0200
commit1f4d46cea2bc1886a13ae9adfcd9e4243eed6a4c (patch)
tree2001999c70f8e46b192fc552590810aab35710e3 /fs/exec.c
parentd152ae9d4704d8c7b3775e3b1a20e62aa3b1eed8 (diff)
parentb52c9082f2eb3a6f7fbbc86fad3eaa2a1725da66 (diff)
Merge tag 'v4.4.88' into toradex_vf_4.4-next
This is the 4.4.88 stable release
Diffstat (limited to 'fs/exec.c')
-rw-r--r--fs/exec.c35
1 files changed, 28 insertions, 7 deletions
diff --git a/fs/exec.c b/fs/exec.c
index 3a6de10d3891..9c5ee2a880aa 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -206,7 +206,24 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
if (write) {
unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
- struct rlimit *rlim;
+ unsigned long ptr_size, limit;
+
+ /*
+ * Since the stack will hold pointers to the strings, we
+ * must account for them as well.
+ *
+ * The size calculation is the entire vma while each arg page is
+ * built, so each time we get here it's calculating how far it
+ * is currently (rather than each call being just the newly
+ * added size from the arg page). As a result, we need to
+ * always add the entire size of the pointers, so that on the
+ * last call to get_arg_page() we'll actually have the entire
+ * correct size.
+ */
+ ptr_size = (bprm->argc + bprm->envc) * sizeof(void *);
+ if (ptr_size > ULONG_MAX - size)
+ goto fail;
+ size += ptr_size;
acct_arg_size(bprm, size / PAGE_SIZE);
@@ -218,20 +235,24 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
return page;
/*
- * Limit to 1/4-th the stack size for the argv+env strings.
+ * Limit to 1/4 of the max stack size or 3/4 of _STK_LIM
+ * (whichever is smaller) for the argv+env strings.
* This ensures that:
* - the remaining binfmt code will not run out of stack space,
* - the program will have a reasonable amount of stack left
* to work from.
*/
- rlim = current->signal->rlim;
- if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) {
- put_page(page);
- return NULL;
- }
+ limit = _STK_LIM / 4 * 3;
+ limit = min(limit, rlimit(RLIMIT_STACK) / 4);
+ if (size > limit)
+ goto fail;
}
return page;
+
+fail:
+ put_page(page);
+ return NULL;
}
static void put_arg_page(struct page *page)