report errors in /proc/*/*map* sanely, CVE-2011-1020

[linux-flexiantxendom0-natty.git] / fs / proc / task_nommu.c

diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
index 253afc0..980de54 100644 (file)
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -5,6 +5,7 @@
 #include <linux/fs_struct.h>
 #include <linux/mount.h>
 #include <linux/ptrace.h>
+#include <linux/slab.h>
 #include <linux/seq_file.h>
 #include "internal.h"
 
@@ -91,13 +92,14 @@ unsigned long task_vsize(struct mm_struct *mm)
        return vsize;
 }
 
-int task_statm(struct mm_struct *mm, int *shared, int *text,
-              int *data, int *resident)
+unsigned long task_statm(struct mm_struct *mm,
+                        unsigned long *shared, unsigned long *text,
+                        unsigned long *data, unsigned long *resident)
 {
        struct vm_area_struct *vma;
        struct vm_region *region;
        struct rb_node *p;
-       int size = kobjsize(mm);
+       unsigned long size = kobjsize(mm);
 
        down_read(&mm->mmap_sem);
        for (p = rb_first(&mm->mm_rb); p; p = rb_next(p)) {
@@ -110,22 +112,36 @@ int task_statm(struct mm_struct *mm, int *shared, int *text,
                }
        }
 
-       size += (*text = mm->end_code - mm->start_code);
-       size += (*data = mm->start_stack - mm->start_data);
+       *text = (PAGE_ALIGN(mm->end_code) - (mm->start_code & PAGE_MASK))
+               >> PAGE_SHIFT;
+       *data = (PAGE_ALIGN(mm->start_stack) - (mm->start_data & PAGE_MASK))
+               >> PAGE_SHIFT;
        up_read(&mm->mmap_sem);
+       size >>= PAGE_SHIFT;
+       size += *text + *data;
        *resident = size;
        return size;
 }
 
+static void pad_len_spaces(struct seq_file *m, int len)
+{
+       len = 25 + sizeof(void*) * 6 - len;
+       if (len < 1)
+               len = 1;
+       seq_printf(m, "%*c", len, ' ');
+}
+
 /*
  * display a single VMA to a sequenced file
  */
 static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma)
 {
+       struct mm_struct *mm = vma->vm_mm;
        unsigned long ino = 0;
        struct file *file;
        dev_t dev = 0;
        int flags, len;
+       unsigned long long pgoff = 0;
 
        flags = vma->vm_flags;
        file = vma->vm_file;
@@ -134,25 +150,29 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma)
                struct inode *inode = vma->vm_file->f_path.dentry->d_inode;
                dev = inode->i_sb->s_dev;
                ino = inode->i_ino;
+               pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT;
        }
 
        seq_printf(m,
-                  "%08lx-%08lx %c%c%c%c %08lx %02x:%02x %lu %n",
+                  "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n",
                   vma->vm_start,
                   vma->vm_end,
                   flags & VM_READ ? 'r' : '-',
                   flags & VM_WRITE ? 'w' : '-',
                   flags & VM_EXEC ? 'x' : '-',
                   flags & VM_MAYSHARE ? flags & VM_SHARED ? 'S' : 's' : 'p',
-                  vma->vm_pgoff << PAGE_SHIFT,
+                  pgoff,
                   MAJOR(dev), MINOR(dev), ino, &len);
 
        if (file) {
-               len = 25 + sizeof(void *) * 6 - len;
-               if (len < 1)
-                       len = 1;
-               seq_printf(m, "%*c", len, ' ');
+               pad_len_spaces(m, len);
                seq_path(m, &file->f_path, "");
+       } else if (mm) {
+               if (vma->vm_start <= mm->start_stack &&
+                       vma->vm_end >= mm->start_stack) {
+                       pad_len_spaces(m, len);
+                       seq_puts(m, "[stack]");
+               }
        }
 
        seq_putc(m, '\n');
@@ -179,14 +199,15 @@ static void *m_start(struct seq_file *m, loff_t *pos)
        /* pin the task and mm whilst we play with them */
        priv->task = get_pid_task(priv->pid, PIDTYPE_PID);
        if (!priv->task)
-               return NULL;
+               return ERR_PTR(-ESRCH);
 
        mm = mm_for_maps(priv->task);
-       if (!mm) {
+       if (!mm || IS_ERR(mm)) {
                put_task_struct(priv->task);
                priv->task = NULL;
-               return NULL;
+               return mm;
        }
+       down_read(&mm->mmap_sem);
 
        /* start from the Nth VMA */
        for (p = rb_first(&mm->mm_rb); p; p = rb_next(p))