[RFC PATCH 0/6] Check length of unmapped area on MAP_FIXED

[RFC PATCH 0/6] Check length of unmapped area on MAP_FIXED

[Liam Howlett]

RFC because the patches are not well tested.  I've not triggered the
issue these patches fix, but have compile tested arm, sh, and sparc64
using the default config.  Please test the patches before accepting them
on your arch.

arc, arm, nds32, sparc32 and sparc64 do not check the size of the
requested MAP_FIXED before returning the address.  It appears this issue
was cloned across various architectures and, in some cases, affects both
bottom up and top down searches.  This set of patches aligns all
platforms and search directions to check the size of a MAP_FIXED
request before returning the fixed address.

Liam R. Howlett (6):
  ARC: mm/mmap.c: Check length of unmapped area before allowing
    MAP_FIXED
  [ARM] mm/mmap.c: Check length of unmapped area before allowing
    MAP_FIXED
  nds32/mm/mmap.c: Check length of unmapped area before allowing
    MAP_FIXED
  sh/mm/mmap.c: Check length of unmapped area before allowing MAP_FIXED
  sys_sparc_32.c: Check length of unmapped area before allowing
    MAP_FIXED
  sys_sparc_64.c: Check length of unmapped area before allowing
    MAP_FIXED

 arch/arc/mm/mmap.c               |  6 +++---
 arch/arm/mm/mmap.c               |  6 +++---
 arch/nds32/mm/mmap.c             |  6 +++---
 arch/sh/mm/mmap.c                | 12 ++++++------
 arch/sparc/kernel/sys_sparc_32.c |  7 ++++---
 arch/sparc/kernel/sys_sparc_64.c | 16 ++++++++--------
 6 files changed, 27 insertions(+), 26 deletions(-)

-- 
2.30.2

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

[RFC PATCH 2/6] [ARM] mm/mmap.c: Check length of unmapped area before allowing MAP_FIXED

[Liam Howlett]

arch_get_unmapped_area() could potentially allow a larger than possible
length when using the MAP_FIXED flag.  The bound check should come
before the check for MAP_FIXED.

Fixes: 4fbe66759b2a ([ARM] Fix shared mmap()ings for ARM VIPT caches.)
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
 arch/arm/mm/mmap.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
index a0f8a0ca0788..cb135556ce36 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
@@ -36,6 +36,9 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
 	int aliasing = cache_is_vipt_aliasing();
 	struct vm_unmapped_area_info info;
 
+	if (len > TASK_SIZE)
+		return -ENOMEM;
+
 	/*
 	 * We only need to do colour alignment if either the I or D
 	 * caches alias.
@@ -53,9 +56,6 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
 		return addr;
 	}
 
-	if (len > TASK_SIZE)
-		return -ENOMEM;
-
 	if (addr) {
 		if (do_align)
 			addr = COLOUR_ALIGN(addr, pgoff);
-- 
2.30.2

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel