diff options
author | Robin Murphy <robin.murphy@arm.com> | 2017-01-05 17:15:01 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-01-11 08:02:18 +0100 |
commit | 488debb9971bc7d0edd6d8080ba78ca02a04f6c4 (patch) | |
tree | 7f97b8edd11003152eefcd45345cb23fe617643e /drivers/xen/xlate_mmu.c | |
parent | 7ee7f45a763bd68c3a606595a8c1bb08c3e6146b (diff) | |
download | linux-488debb9971bc7d0edd6d8080ba78ca02a04f6c4.tar.bz2 |
drivers: char: mem: Fix thinkos in kmem address checks
When borrowing the pfn_valid() check from mmap_kmem(), somebody managed
to get physical and virtual addresses spectacularly muddled up, such
that we've ended up with checks for one being the other. Whilst this
does indeed prevent out-of-bounds accesses crashing, on most systems
it also prevents the more desirable use-case of working at all ever.
Check the *virtual* offset correctly for what it is. Furthermore, do
so in the right place - a read or write may span multiple pages, so a
single up-front check is insufficient. High memory accesses already
have a similar validity check just before the copy_to_user() call, so
just make the low memory path fully consistent with that.
Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
CC: stable@vger.kernel.org
Fixes: 148a1bc84398 ("drivers: char: mem: Check {read,write}_kmem() addresses")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/xen/xlate_mmu.c')
0 files changed, 0 insertions, 0 deletions