lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Jan 2017 12:45:32 +0100 From: Greg KH <gregkh@...uxfoundation.org> To: Robin Murphy <robin.murphy@....com> Cc: Jason@...c4.com, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] drivers: char: mem: Fix thinko in kmem address checks On Wed, Jan 04, 2017 at 11:37:49AM +0000, Robin Murphy wrote: > When borrowing the pfn_valid() check from mmap_kmem(), somebody managed "sombody"? :) > to get physical and virtual addresses spectacularly muddled up, such > that we've ended up with checks for one being the other. Whilst this > does indeed prevent out-of-bounds accesses crashing, on most systems it > also prevents the more desirable use-case of working at all ever. > > Check the *virtual* offset correctly for what it is. > > Reported-by: Jason A. Donenfeld <Jason@...c4.com> > CC: stable@...r.kernel.org > Fixes: 148a1bc84398 ("drivers: char: mem: Check {read,write}_kmem() addresses") > Signed-off-by: Robin Murphy <robin.murphy@....com> > --- > drivers/char/mem.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/char/mem.c b/drivers/char/mem.c > index 5bb1985ec484..bdc6a4018604 100644 > --- a/drivers/char/mem.c > +++ b/drivers/char/mem.c > @@ -381,7 +381,7 @@ static ssize_t read_kmem(struct file *file, char __user *buf, > char *kbuf; /* k-addr because vread() takes vmlist_lock rwlock */ > int err = 0; > > - if (!pfn_valid(PFN_DOWN(p))) > + if (!virt_addr_valid(p)) > return -EIO; > > read = 0; > @@ -512,7 +512,7 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, > char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ > int err = 0; > > - if (!pfn_valid(PFN_DOWN(p))) > + if (!virt_addr_valid(p)) > return -EIO; > > if (p < (unsigned long) high_memory) { Jason, can you verify this fixes your test case? thanks, greg k-h
Powered by blists - more mailing lists