https://github.com/torvalds/linux
Revision 951531691c4bcaa59f56a316e018bc2ff1ddf855 authored by Isaac J. Manjarres on 13 August 2019, 22:37:37 UTC, committed by Linus Torvalds on 13 August 2019, 23:06:52 UTC
Currently, when checking to see if accessing n bytes starting at address "ptr" will cause a wraparound in the memory addresses, the check in check_bogus_address() adds an extra byte, which is incorrect, as the range of addresses that will be accessed is [ptr, ptr + (n - 1)]. This can lead to incorrectly detecting a wraparound in the memory address, when trying to read 4 KB from memory that is mapped to the the last possible page in the virtual address space, when in fact, accessing that range of memory would not cause a wraparound to occur. Use the memory range that will actually be accessed when considering if accessing a certain amount of bytes will cause the memory address to wrap around. Link: http://lkml.kernel.org/r/1564509253-23287-1-git-send-email-isaacm@codeaurora.org Fixes: f5509cc18daa ("mm: Hardened usercopy") Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> Co-developed-by: Prasad Sodagudi <psodagud@codeaurora.org> Reviewed-by: William Kucharski <william.kucharski@oracle.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Trilok Soni <tsoni@codeaurora.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent fcf3a5b
Tip revision: 951531691c4bcaa59f56a316e018bc2ff1ddf855 authored by Isaac J. Manjarres on 13 August 2019, 22:37:37 UTC
mm/usercopy: use memory range to be accessed for wraparound check
mm/usercopy: use memory range to be accessed for wraparound check
Tip revision: 9515316
File | Mode | Size |
---|---|---|
Documentation | ||
LICENSES | ||
arch | ||
block | ||
certs | ||
crypto | ||
drivers | ||
fs | ||
include | ||
init | ||
ipc | ||
kernel | ||
lib | ||
mm | ||
net | ||
samples | ||
scripts | ||
security | ||
sound | ||
tools | ||
usr | ||
virt | ||
.clang-format | -rw-r--r-- | 14.6 KB |
.cocciconfig | -rw-r--r-- | 59 bytes |
.get_maintainer.ignore | -rw-r--r-- | 71 bytes |
.gitattributes | -rw-r--r-- | 30 bytes |
.gitignore | -rw-r--r-- | 1.7 KB |
.mailmap | -rw-r--r-- | 12.2 KB |
COPYING | -rw-r--r-- | 423 bytes |
CREDITS | -rw-r--r-- | 97.1 KB |
Kbuild | -rw-r--r-- | 1.5 KB |
Kconfig | -rw-r--r-- | 595 bytes |
MAINTAINERS | -rw-r--r-- | 510.2 KB |
Makefile | -rw-r--r-- | 59.7 KB |
README | -rw-r--r-- | 727 bytes |
![swh spinner](/static/img/swh-spinner.gif)
Computing file changes ...