git.baikalelectronics.ru Git - kernel.git/commit

author	Dan Aloni <alonid@stratoscale.com>
	Mon, 30 Sep 2013 20:45:02 +0000 (13:45 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 30 Sep 2013 21:31:01 +0000 (14:31 -0700)
commit	a8bfbb86d0f954a8415995530026d0c593b1f2af
tree	df391a913b5dfd194924a1d1172ba5eed0c14560	tree \| snapshot
parent	74793d583c233487f58a861c1381d9bf635e84c7	commit \| diff

fs/binfmt_elf.c: prevent a coredump with a large vm_map_count from Oopsing

A high setting of max_map_count, and a process core-dumping with a large
enough vm_map_count could result in an NT_FILE note not being written,
and the kernel crashing immediately later because it has assumed
otherwise.

Reproduction of the oops-causing bug described here:

https://lkml.org/lkml/2013/8/30/50

Rge ussue originated in commit 50f5e4abeec6 ("coredump: extend core dump
note section to contain file names of mapped file") from Oct 4, 2012.

This patch make that section optional in that case. fill_files_note()
should signify the error, and also let the info struct in
elf_core_dump() be zero-initialized so that we can check for the
optionally written note.

[akpm@linux-foundation.org: avoid abusing E2BIG, remove a couple of not-really-needed local variables]
[akpm@linux-foundation.org: fix sparse warning]
Signed-off-by: Dan Aloni <alonid@stratoscale.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Denys Vlasenko <vda.linux@googlemail.com>
Reported-by: Martin MOKREJS <mmokrejs@gmail.com>
Tested-by: Martin MOKREJS <mmokrejs@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>