diff options
author | Robin Murphy <robin.murphy@arm.com> | 2017-01-05 17:15:01 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-01-19 19:18:03 (GMT) |
commit | 3fbaff3adc763d999fa803bc1aeb5e49c48ce5c0 (patch) | |
tree | 11359187efd8dcd81499f4550a05381e17b47e92 /drivers/dma | |
parent | 1a62a0f76556f39d6d67789bb981b28230aaa338 (diff) | |
download | linux-3fbaff3adc763d999fa803bc1aeb5e49c48ce5c0.tar.xz |
drivers: char: mem: Fix thinkos in kmem address checks
commit 488debb9971bc7d0edd6d8080ba78ca02a04f6c4 upstream.
When borrowing the pfn_valid() check from mmap_kmem(), somebody managed
to get physical and virtual addresses spectacularly muddled up, such
that we've ended up with checks for one being the other. Whilst this
does indeed prevent out-of-bounds accesses crashing, on most systems
it also prevents the more desirable use-case of working at all ever.
Check the *virtual* offset correctly for what it is. Furthermore, do
so in the right place - a read or write may span multiple pages, so a
single up-front check is insufficient. High memory accesses already
have a similar validity check just before the copy_to_user() call, so
just make the low memory path fully consistent with that.
Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
Fixes: 148a1bc84398 ("drivers: char: mem: Check {read,write}_kmem() addresses")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/dma')
0 files changed, 0 insertions, 0 deletions