From a59b4c936b967eb93b5fd513bfa54949456bc4a3 Mon Sep 17 00:00:00 2001
From: Tavis Ormandy
Date: Thu, 9 Dec 2010 15:29:42 +0100
Subject: [PATCH] --- yaml --- r: 223307 b: refs/heads/master c: 462e635e5b73ba9a4c03913b77138cd57ce4b050 h: refs/heads/master i: 223305: 7e9d554dd41e9508a5171fe161a2c13c0a1bb0d3 223303: 4a0b70ebcbebc82e977dd6977b04981883dd3104 v: v3
---
 [refs] | 2 +-
 trunk/fs/exec.c | 5 +++++
 trunk/mm/mmap.c | 16 ++++++++++++----
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/[refs] b/[refs]
index 225875403bc0..64a7f78edee1 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 0fcdcfbbc98f70f559e4b36773a69972489a6d8f
+refs/heads/master: 462e635e5b73ba9a4c03913b77138cd57ce4b050
diff --git a/trunk/fs/exec.c b/trunk/fs/exec.c
index d68c378a3137..c62efcb959c7 100644
--- a/trunk/fs/exec.c
+++ b/trunk/fs/exec.c
@@ -275,6 +275,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
 vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
 INIT_LIST_HEAD(&vma->anon_vma_chain);
+
+ err = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1);
+ if (err)
+ goto err;
+
 err = insert_vm_struct(mm, vma);
 if (err)
 goto err;
diff --git a/trunk/mm/mmap.c b/trunk/mm/mmap.c
index b179abb1474a..50a4aa0255a0 100644
--- a/trunk/mm/mmap.c
+++ b/trunk/mm/mmap.c
@@ -2462,6 +2462,7 @@ int install_special_mapping(struct mm_struct *mm,
 unsigned long addr, unsigned long len,
 unsigned long vm_flags, struct page **pages)
 {
+ int ret;
 struct vm_area_struct *vma;
 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
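Review bot: The `security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1)` call added to `__bprm_mm_init` in `trunk/fs/exec.c` has no comment, and its arguments are opaque: a NULL file, three zeroed protection/flag values and a trailing `1`, which is the `addr_only` argument. A one-line comment above it would record the intent, for example `/* address-only LSM check: this VMA is set up by hand, so the usual mmap-path check is presumably never reached */`. The same uncommented call is added in the second `install_special_mapping` hunk of `trunk/mm/mmap.c` and deserves the same comment. `__bprm_mm_init` starts and ends outside this hunk, so the cleanup done at the `err` label cannot be checked from here.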
@@ -2479,16 +2480,23 @@ int install_special_mapping(struct mm_struct *mm,
 vma->vm_ops = &special_mapping_vmops;
 vma->vm_private_data = pages;
- if (unlikely(insert_vm_struct(mm, vma))) {
- kmem_cache_free(vm_area_cachep, vma);
- return -ENOMEM;
- }
+ ret = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1);
+ if (ret)
+ goto out;
+
+ ret = insert_vm_struct(mm, vma);
+ if (ret)
+ goto out;
 mm->total_vm += len >> PAGE_SHIFT;
 perf_event_mmap(vma);
 return 0;
+
+out:
+ kmem_cache_free(vm_area_cachep, vma);
+ return ret;
 }
 static DEFINE_MUTEX(mm_all_locks_mutex);
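Review bot: The address check in `install_special_mapping` runs only after the vma has been allocated and filled in, so a rejected address costs an allocation and a free on the `out:` path. The check needs only the address, so if `vma->vm_start` is simply the `addr` argument (that assignment lies between the two hunks and is not shown), it could run before the allocation as `ret = security_file_mmap(NULL, 0, 0, 0, addr, 1); if (ret) return ret;`. Separately, the function now returns whatever `security_file_mmap` or `insert_vm_struct` returns, where an insert failure used to be reported as `-ENOMEM` only. Any comment documenting its return value should say so, and callers that compare against `-ENOMEM` are worth a look.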