| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Apr 2022 21:30:20 +0200
From: "Fabio M. De Francesco" <fmdefrancesco@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>,
Ira Weiny <ira.weiny@...el.com>,
Catalin Marinas <catalin.marinas@....com>,
"Matthew Wilcox (Oracle)" <willy@...radead.org>,
Peter Collingbourne <pcc@...gle.com>,
linux-kernel@...r.kernel.org
Cc: "Fabio M. De Francesco" <fmdefrancesco@...il.com>
Subject: [PATCH] mm/highmem: VM_BUG_ON() if offset + len > PAGE_SIZE
Add VM_BUG_ON() bounds checking to make sure that, if "offset + len>
PAGE_SIZE", memset() does not corrupt data in adjacent pages.
Cc: Ira Weiny <ira.weiny@...el.com>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@...il.com>
---
include/linux/highmem.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/highmem.h b/include/linux/highmem.h
index 6b2d59e025c5..d54dbaae9a5e 100644
--- a/include/linux/highmem.h
+++ b/include/linux/highmem.h
@@ -380,6 +380,8 @@ static inline void memcpy_to_page(struct page *page, size_t offset,
static inline void memzero_page(struct page *page, size_t offset, size_t len)
{
char *addr = kmap_local_page(page);
+
+ VM_BUG_ON(offset + len > PAGE_SIZE);
memset(addr + offset, 0, len);
flush_dcache_page(page);
kunmap_local(addr);
--
2.34.1
Powered by blists - more mailing lists