Subject: [PATCH] brk: check lower bound properly
Cc: Ingo Molnar <mingo@elte.hu>

From: Jiri Kosina <jkosina@suse.cz>

The check in sys_brk() on minimum value the brk might have must take 
CONFIG_COMPAT_BRK setting into account. When this option is turned on 
(i.e. we support ancient legacy binaries, e.g. libc5-linked stuff), the 
lower bound on brk value is mm->end_code, otherwise the brk start is 
allowed to be arbitrarily shifted.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
---
 mm/mmap.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -242,10 +242,16 @@ asmlinkage unsigned long sys_brk(unsigne
 	unsigned long rlim, retval;
 	unsigned long newbrk, oldbrk;
 	struct mm_struct *mm = current->mm;
+	unsigned long min_brk;
 
 	down_write(&mm->mmap_sem);
 
-	if (brk < mm->start_brk)
+#ifdef CONFIG_COMPAT_BRK
+	min_brk = mm->end_code;
+#else
+	min_brk = mm->start_brk;
+#endif
+	if (brk < min_brk)
 		goto out;
 
 	/*