| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Jan 2017 11:37:49 +0000
From: Robin Murphy <robin.murphy@....com>
To: gregkh@...uxfoundation.org, Jason@...c4.com
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: [PATCH] drivers: char: mem: Fix thinko in kmem address checks
When borrowing the pfn_valid() check from mmap_kmem(), somebody managed
to get physical and virtual addresses spectacularly muddled up, such
that we've ended up with checks for one being the other. Whilst this
does indeed prevent out-of-bounds accesses crashing, on most systems it
also prevents the more desirable use-case of working at all ever.
Check the *virtual* offset correctly for what it is.
Reported-by: Jason A. Donenfeld <Jason@...c4.com>
CC: stable@...r.kernel.org
Fixes: 148a1bc84398 ("drivers: char: mem: Check {read,write}_kmem() addresses")
Signed-off-by: Robin Murphy <robin.murphy@....com>
---
drivers/char/mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 5bb1985ec484..bdc6a4018604 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -381,7 +381,7 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
char *kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
int err = 0;
- if (!pfn_valid(PFN_DOWN(p)))
+ if (!virt_addr_valid(p))
return -EIO;
read = 0;
@@ -512,7 +512,7 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
- if (!pfn_valid(PFN_DOWN(p)))
+ if (!virt_addr_valid(p))
return -EIO;
if (p < (unsigned long) high_memory) {
--
2.10.2.dirty
Powered by blists - more mailing lists