diff options
| author | Roman Gushchin <klamm@yandex-team.ru> | 2015-02-11 15:28:39 -0800 |
|---|---|---|
| committer | Sasha Levin <sasha.levin@oracle.com> | 2015-03-14 15:37:16 -0400 |
| commit | 64ac32052a49d485cb8e2bc6dca17a1d82917fdc (patch) | |
| tree | 1e90862a98de8a8eddcde0fba4d7d092384ed360 /mm/nommu.c | |
| parent | 8473518c0756c4ddebbb2f999d36568e43d5e87c (diff) | |
| download | linux-rt-64ac32052a49d485cb8e2bc6dca17a1d82917fdc.tar.gz | |
mm/mmap.c: fix arithmetic overflow in __vm_enough_memory()
commit 5703b087dc8eaf47bfb399d6cf512d471beff405 upstream.
I noticed, that "allowed" can easily overflow by falling below 0,
because (total_vm / 32) can be larger than "allowed". The problem
occurs in OVERCOMMIT_NONE mode.
In this case, a huge allocation can success and overcommit the system
(despite OVERCOMMIT_NONE mode). All subsequent allocations will fall
(system-wide), so system become unusable.
The problem was masked out by commit c9b1d0981fcc
("mm: limit growth of 3% hardcoded other user reserve"),
but it's easy to reproduce it on older kernels:
1) set overcommit_memory sysctl to 2
2) mmap() large file multiple times (with VM_SHARED flag)
3) try to malloc() large amount of memory
It also can be reproduced on newer kernels, but miss-configured
sysctl_user_reserve_kbytes is required.
Fix this issue by switching to signed arithmetic here.
[akpm@linux-foundation.org: use min_t]
Signed-off-by: Roman Gushchin <klamm@yandex-team.ru>
Cc: Andrew Shewmaker <agshew@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Diffstat (limited to 'mm/nommu.c')
0 files changed, 0 insertions, 0 deletions