| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1466703010-32242-1-git-send-email-chenjie6@huawei.com>
Date: Fri, 24 Jun 2016 01:30:10 +0800
From: <chenjie6@...wei.com>
To: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
<David.Woodhouse@...el.com>, <zhihui.gao@...wei.com>,
<panxuesong@...wei.com>
CC: <akpm@...ux-foundation.org>, chenjie <chenjie6@...wei.com>
Subject: [PATCH] memory:bugxfix panic on cat or write /dev/kmem
From: chenjie <chenjie6@...wei.com>
cat /dev/kmem and echo > /dev/kmem will lead panic
Signed-off-by: chenjie <chenjie6@...wei.com>
---
drivers/char/mem.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 71025c2..4bdde28 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -412,6 +412,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
* by the kernel or data corruption may occur
*/
kbuf = xlate_dev_kmem_ptr((void *)p);
+ if (!kbuf)
+ return -EFAULT;
if (copy_to_user(buf, kbuf, sz))
return -EFAULT;
@@ -482,6 +484,11 @@ static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
* corruption may occur.
*/
ptr = xlate_dev_kmem_ptr((void *)p);
+ if (!ptr) {
+ if (written)
+ break;
+ return -EFAULT;
+ }
copied = copy_from_user(ptr, buf, sz);
if (copied) {
--
1.8.0
Powered by blists - more mailing lists