authorRam Gupta <ram.gupta5@gmail.com>2006-04-10 22:52:57 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-04-11 06:18:32 -0700
commit1e624196f43c3a62122959e15c5f03572cdadb5d (patch)
tree4196ccebe125c17dabc011422c6ff251835d1933
parentd6fef9da19b7acd46e04b7dbbba726b3febeca94 (diff)
[PATCH] mm: fix bug in brk()
The code compares newbrk with oldbrk, both of which are page aligned, before it checks the memory limit set for the data segment. If that limit is not page aligned, the limit test is bypassed whenever the allocation stays within the same page.
Signed-off-by: Ram Gupta <ram.gupta5@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--mm/mmap.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index e780d19aa214..eab6fcb65e11 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -220,6 +220,17 @@ asmlinkage unsigned long sys_brk(unsigned long brk)
if (brk < mm->end_code)
goto out;
+
+ /*
+ * Check against rlimit here. If this check is done later after the test
+ * of oldbrk with newbrk then it can escape the test and let the data
+ * segment grow beyond its set limit the in case where the limit is
+ * not page aligned -Ram Gupta
+ */
+ rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
+ if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
+ goto out;
+
newbrk = PAGE_ALIGN(brk);
oldbrk = PAGE_ALIGN(mm->brk);
if (oldbrk == newbrk)
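Review bot: Moving the RLIMIT_DATA test above the `PAGE_ALIGN` comparison also puts it ahead of the shrink branch whose tail (`goto out; }`) shows as context in the second hunk, so a call that lowers the break but still ends above `rlim_cur` (for example after the limit was reduced) now appears to be refused, where the old ordering let it through. If that is not intended, the test can be restricted to growth with `if (brk > mm->brk && rlim < RLIM_INFINITY && brk - mm->start_data > rlim)`; if it is intended, the comment should say so. The comment could also record that `brk - mm->start_data` is unsigned and that the only lower bound visible here is `brk >= mm->end_code`, so a `brk` below `start_data` wraps to a large value and is rejected rather than accepted. The wording "the in case where" in the new comment should read "in the case where". sys_brk begins and ends outside both hunks.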
@@ -232,11 +243,6 @@ asmlinkage unsigned long sys_brk(unsigned long brk)
goto out;
}
- /* Check against rlimit.. */
- rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
- if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
- goto out;
-
/* Check against existing mmap mappings. */
if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE))
goto out;