- Fix enough_memory() check for upwards-growing stacks
 - Limit upwards-growing stacks to 1GB
 - Remove trailing whitespace

diff -urpNX dontdiff linus-2.5/fs/exec.c parisc-2.5/fs/exec.c
--- linus-2.5/fs/exec.c	Thu Jul 10 16:18:33 2003
+++ parisc-2.5/fs/exec.c	Thu Jul 10 15:55:03 2003
@@ -56,7 +56,7 @@
 
 int core_uses_pid;
 char core_pattern[65] = "core";
-/* The maximal length of core_pattern is also specified in sysctl.c */ 
+/* The maximal length of core_pattern is also specified in sysctl.c */
 
 static struct linux_binfmt *formats;
 static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;
@@ -190,7 +190,7 @@ static int count(char __user * __user * 
  * memory to free pages in kernel mem. These are in a format ready
  * to be put directly into the top of new user memory.
  */
-int copy_strings(int argc,char __user * __user * argv, struct linux_binprm *bprm) 
+int copy_strings(int argc,char __user * __user * argv, struct linux_binprm *bprm)
 {
 	struct page *kmapped_page = NULL;
 	char *kaddr = NULL;
@@ -213,7 +213,7 @@ int copy_strings(int argc,char __user * 
 		}
 
 		bprm->p -= len;
-		/* XXX: add architecture specific overflow check here. */ 
+		/* XXX: add architecture specific overflow check here. */
 		pos = bprm->p;
 
 		while (len > 0) {
@@ -275,10 +275,10 @@ int copy_strings_kernel(int argc,char **
 {
 	int r;
 	mm_segment_t oldfs = get_fs();
-	set_fs(KERNEL_DS); 
+	set_fs(KERNEL_DS);
 	r = copy_strings(argc, (char __user * __user *)argv, bprm);
 	set_fs(oldfs);
-	return r; 
+	return r;
 }
 
 #ifdef CONFIG_MMU
@@ -341,6 +341,7 @@ int setup_arg_pages(struct linux_binprm 
 	struct vm_area_struct *mpnt;
 	struct mm_struct *mm = current->mm;
 	int i;
+	long arg_size;
 
 #ifdef CONFIG_STACK_GROWSUP
 	/* Move the argument and environment strings to the bottom of the
@@ -373,8 +374,15 @@ int setup_arg_pages(struct linux_binprm 
 
 	/* Adjust bprm->p to point to the end of the strings. */
 	bprm->p = PAGE_SIZE * i - offset;
-	stack_base = STACK_TOP - current->rlim[RLIMIT_STACK].rlim_max;
+
+	/* Limit stack size to 1GB */
+	stack_base = current->rlim[RLIMIT_STACK].rlim_max;
+	if (stack_base > (1 << 30))
+		stack_base = 1 << 30;
+	stack_base = PAGE_ALIGN(STACK_TOP - stack_base);
+
 	mm->arg_start = stack_base;
+	arg_size = i << PAGE_SHIFT;
 
 	/* zero pages that were copied above */
 	while (i < MAX_ARG_PAGES)
@@ -382,6 +390,7 @@ int setup_arg_pages(struct linux_binprm 
 #else
 	stack_base = STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE;
 	mm->arg_start = bprm->p + stack_base;
+	arg_size = STACK_TOP - (PAGE_MASK & (unsigned long) mm->arg_start);
 #endif
 
 	bprm->p += stack_base;
@@ -393,7 +402,7 @@ int setup_arg_pages(struct linux_binprm 
 	if (!mpnt)
 		return -ENOMEM;
 
-	if (security_vm_enough_memory((STACK_TOP - (PAGE_MASK & (unsigned long) bprm->p))>>PAGE_SHIFT)) {
+	if (!security_vm_enough_memory(arg_size >> PAGE_SHIFT)) {
 		kmem_cache_free(vm_area_cachep, mpnt);
 		return -ENOMEM;
 	}
@@ -418,7 +427,7 @@ int setup_arg_pages(struct linux_binprm 
 		mpnt->vm_private_data = (void *) 0;
 		insert_vm_struct(mm, mpnt);
 		mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
-	} 
+	}
 
 	for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
 		struct page *page = bprm->page[i];
@@ -800,7 +809,7 @@ int flush_old_exec(struct linux_binprm *
 
 	/* An exec changes our domain. We are no longer part of the thread
 	   group */
-	   
+
 	current->self_exec_id++;
 			
 	flush_signal_handlers(current, 0);
@@ -884,7 +893,7 @@ int prepare_binprm(struct linux_binprm *
  *
  */
 
-void compute_creds(struct linux_binprm *bprm) 
+void compute_creds(struct linux_binprm *bprm)
 {
 	task_lock(current);
 	if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
@@ -1049,7 +1058,7 @@ int do_execve(char * filename,
 		return retval;
 
 	bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
-	memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0])); 
+	memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
 
 	bprm.file = file;
 	bprm.filename = filename;
@@ -1079,21 +1088,21 @@ int do_execve(char * filename,
 		goto out;
 
 	retval = prepare_binprm(&bprm);
-	if (retval < 0) 
-		goto out; 
+	if (retval < 0)
+		goto out;
 
 	retval = copy_strings_kernel(1, &bprm.filename, &bprm);
-	if (retval < 0) 
-		goto out; 
+	if (retval < 0)
+		goto out;
 
 	bprm.exec = bprm.p;
 	retval = copy_strings(bprm.envc, envp, &bprm);
-	if (retval < 0) 
-		goto out; 
+	if (retval < 0)
+		goto out;
 
 	retval = copy_strings(bprm.argc, argv, &bprm);
-	if (retval < 0) 
-		goto out; 
+	if (retval < 0)
+		goto out;
 
 	retval = search_binary_handler(&bprm,regs);
 	if (retval >= 0) {