Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'powerpc-6.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Madhavan Srinivasan:
- a couple of fixes for out of bounds issues in memtrace and vas
Thanks to Ritesh Harjani (IBM), Haren Myneni, and Jonathan Greental
* tag 'powerpc-6.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
+15
-2
+9
arch/powerpc/platforms/book3s/vas-api.c
+9
arch/powerpc/platforms/book3s/vas-api.c
···
521
521
return -EINVAL;
522
522
}
523
523
524
+
/*
525
+
* Map complete page to the paste address. So the user
526
+
* space should pass 0ULL to the offset parameter.
527
+
*/
528
+
if (vma->vm_pgoff) {
529
+
pr_debug("Page offset unsupported to map paste address\n");
530
+
return -EINVAL;
531
+
}
532
+
524
533
/* Ensure instance has an open send window */
525
534
if (!txwin) {
526
535
pr_err("No send window open?\n");
+6
-2
arch/powerpc/platforms/powernv/memtrace.c
+6
-2
arch/powerpc/platforms/powernv/memtrace.c
···
48
48
static int memtrace_mmap(struct file *filp, struct vm_area_struct *vma)
49
49
{
50
50
struct memtrace_entry *ent = filp->private_data;
51
+
unsigned long ent_nrpages = ent->size >> PAGE_SHIFT;
52
+
unsigned long vma_nrpages = vma_pages(vma);
51
53
52
-
if (ent->size < vma->vm_end - vma->vm_start)
54
+
/* The requested page offset should be within object's page count */
55
+
if (vma->vm_pgoff >= ent_nrpages)
53
56
return -EINVAL;
54
57
55
-
if (vma->vm_pgoff << PAGE_SHIFT >= ent->size)
58
+
/* The requested mapping range should remain within the bounds */
59
+
if (vma_nrpages > ent_nrpages - vma->vm_pgoff)
56
60
return -EINVAL;
57
61
58
62
vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);