From: Danny Feng <dfeng@redhat.com> Date: Fri, 29 Jan 2010 09:26:45 -0500 Subject: [mm] keep get_unmapped_area_prot functional Message-id: <20100129092657.4587.77143.sendpatchset@dhcp-65-180.nay.redhat.com> Patchwork-id: 22997 O-Subject: [PATCH RHEL5.5 12/12 BZ556710 CVE-2010-0291] with respect to get_unmapped_area_prot Bugzilla: 556710 RH-Acked-by: Jarod Wilson <jarod@redhat.com> RH-Acked-by: Larry Woodman <lwoodman@redhat.com> Not upstream, adjusted for rhel5 kernel exec shield. Subject: [PATCH] with respect to get_unmapped_area_prot rhel5 uses get_unmapped_area_prot to support exec shield, so in rhel5 mmap untangle fix, we should not break this. Signed-off-by: Danny Feng <dfeng@redhat.com> diff --git a/mm/mremap.c b/mm/mremap.c index 27b9604..49e1d05 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -346,9 +346,9 @@ static unsigned long mremap_to(unsigned long addr, if (vma->vm_flags & VM_MAYSHARE) map_flags |= MAP_SHARED; - ret = get_unmapped_area(vma->vm_file, new_addr, new_len, vma->vm_pgoff + + ret = get_unmapped_area_prot(vma->vm_file, new_addr, new_len, vma->vm_pgoff + ((addr - vma->vm_start) >> PAGE_SHIFT), - map_flags); + map_flags, vma->vm_flags & VM_EXEC); if (ret & ~PAGE_MASK) goto out1; @@ -369,8 +369,8 @@ static int vma_expandable(struct vm_area_struct *vma, unsigned long delta) return 0; if (vma->vm_next && vma->vm_next->vm_start < end) /* intersection */ return 0; - if (get_unmapped_area(NULL, vma->vm_start, end - vma->vm_start, - 0, MAP_FIXED) & ~PAGE_MASK) + if (get_unmapped_area_prot(NULL, vma->vm_start, end - vma->vm_start, + 0, MAP_FIXED, vma->vm_flags & VM_EXEC) & ~PAGE_MASK) return 0; return 1; } 
@@ -468,10 +468,10 @@ unsigned long do_mremap(unsigned long addr, if (vma->vm_flags & VM_MAYSHARE) map_flags |= MAP_SHARED; - new_addr = get_unmapped_area(vma->vm_file, 0, new_len, + new_addr = get_unmapped_area_prot(vma->vm_file, 0, new_len, vma->vm_pgoff + ((addr - vma->vm_start) >> PAGE_SHIFT), - map_flags); + map_flags, vma->vm_flags & VM_EXEC); if (new_addr & ~PAGE_MASK) { ret = new_addr; goto out;
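Review bot: In the mremap_to() hunk, the new last argument is vma->vm_flags & VM_EXEC, which evaluates to the raw VM_EXEC bit or 0 rather than to 1 or 0. That is fine if get_unmapped_area_prot() only tests the argument for truth, but if the value is ever compared against 1 or narrowed, !!(vma->vm_flags & VM_EXEC) would be safer. The first line of the rewritten call is also five characters longer than before and likely passes 80 columns once indented; consider moving "vma->vm_pgoff +" down to the continuation line.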
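Review bot: In the vma_expandable() hunk, the call passes MAP_FIXED with vma->vm_start and only tests the result against ~PAGE_MASK, so it acts as a validity check on a fixed range rather than an address search. Neither the hunk nor the changelog says what the exec argument changes for this check. A one-line comment above the call, or a sentence in the commit message, explaining why the exec hint is needed here would help the next reader.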
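Review bot: In the do_mremap() hunk, the call passes 0 as the address, so of the three changed call sites this is the one where the allocator picks the address itself, yet the changelog does not say what is expected to change for executable mappings that get moved. Please state the intended behaviour in the commit message. The expression vma->vm_flags & VM_EXEC is also now repeated at all three call sites in this patch; a local variable or a small helper would keep them consistent.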