| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Sep 2012 13:59:24 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Wanlong Gao <gaowanlong@...fujitsu.com> Cc: linux-kernel@...r.kernel.org, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, linux-mm@...ck.org (open list:MEMORY MANAGEMENT) Subject: Re: [PATCH] mm: fix mmap overflow checking On Tue, 4 Sep 2012 17:23:00 +0800 Wanlong Gao <gaowanlong@...fujitsu.com> wrote: > POSIX said that if the file is a regular file and the value of "off" > plus "len" exceeds the offset maximum established in the open file > description associated with fildes, mmap should return EOVERFLOW. That's what POSIX says, but what does Linux do? It is important that we precisely describe and understand the behaviour change, as there is potential here to break existing applications. I'm assuming that Linux presently permits the mmap() and then generates SIGBUS if an access is attempted beyond the max file size? > /* offset overflow? */ > - if ((pgoff + (len >> PAGE_SHIFT)) < pgoff) > - return -EOVERFLOW; > + if (off + len < off) > + return -EOVERFLOW; Well, this treats sizeof(off_t) as the "offset maximum established in the open file". But from my reading of the above excerpt, we should in fact be checking against the underlying fs's s_maxbytes? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists