| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211225120621.13908-3-wangkefeng.wang@huawei.com>
Date: Sat, 25 Dec 2021 20:06:21 +0800
From: Kefeng Wang <wangkefeng.wang@...wei.com>
To: Kees Cook <keescook@...omium.org>,
Laura Abbott <labbott@...hat.com>,
"Mark Rutland" <mark.rutland@....com>, <linux-mm@...ck.org>,
Andrew Morton <akpm@...ux-foundation.org>,
<linux-kernel@...r.kernel.org>,
Michael Ellerman <mpe@...erman.id.au>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
"Paul Mackerras" <paulus@...ba.org>,
<linuxppc-dev@...ts.ozlabs.org>
CC: Nicholas Piggin <npiggin@...il.com>,
Kefeng Wang <wangkefeng.wang@...wei.com>
Subject: [PATCH v2 2/2] mm: usercopy: Warn vmalloc/module address in check_heap_object()
virt_addr_valid() could be insufficient to validate the virt addr
on some architecture, which could lead to potential BUG which has
been found on arm64/powerpc64.
Let's add WARN_ON to check if the virt addr is passed virt_addr_valid()
but is a vmalloc/module address.
Signed-off-by: Kefeng Wang <wangkefeng.wang@...wei.com>
---
mm/usercopy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mm/usercopy.c b/mm/usercopy.c
index b3de3c4eefba..ce83e0b137dd 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -228,6 +228,8 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
if (!virt_addr_valid(ptr))
return;
+ WARN_ON_ONCE(is_vmalloc_or_module_addr(ptr));
+
/*
* When CONFIG_HIGHMEM=y, kmap_to_page() will give either the
* highmem page or fallback to virt_to_page(). The following
--
2.26.2
Powered by blists - more mailing lists