linux-snps-arc.lists.infradead.org archive mirror
* [RFC PATCH 0/6] Check length of unmapped area on MAP_FIXED
@ 2021-12-06 15:02 Liam Howlett
From: Liam Howlett @ 2021-12-06 15:02 UTC
  To: Liam Howlett, linux-kernel, Vineet Gupta, linux-snps-arc,
	Russell King, linux-arm-kernel, Nick Hu, Greentime Hu,
	Vincent Chen, shinori Sato, Rich Felker, linux-sh,
	David S. Miller, sparclinux

RFC because the patches are not well tested.  I've not triggered the
issue these patches fix, but have compile tested arm, sh, and sparc64
using the default config.  Please test the patches before accepting them
on your arch.

arc, arm, nds32, sparc32 and sparc64 do not check the size of the
requested MAP_FIXED before returning the address.  It appears this issue
was cloned across various architectures and, in some cases, affects both
bottom up and top down searches.  This set of patches aligns all
platforms and search directions to check the size of a MAP_FIXED
request before returning the fixed address.

Liam R. Howlett (6):
  ARC: mm/mmap.c: Check length of unmapped area before allowing
    MAP_FIXED
  [ARM] mm/mmap.c: Check length of unmapped area before allowing
    MAP_FIXED
  nds32/mm/mmap.c: Check length of unmapped area before allowing
    MAP_FIXED
  sh/mm/mmap.c: Check length of unmapped area before allowing MAP_FIXED
  sys_sparc_32.c: Check length of unmapped area before allowing
    MAP_FIXED
  sys_sparc_64.c: Check length of unmapped area before allowing
    MAP_FIXED

 arch/arc/mm/mmap.c               |  6 +++---
 arch/arm/mm/mmap.c               |  6 +++---
 arch/nds32/mm/mmap.c             |  6 +++---
 arch/sh/mm/mmap.c                | 12 ++++++------
 arch/sparc/kernel/sys_sparc_32.c |  7 ++++---
 arch/sparc/kernel/sys_sparc_64.c | 16 ++++++++--------
 6 files changed, 27 insertions(+), 26 deletions(-)

-- 
2.30.2

_______________________________________________
linux-snps-arc mailing list
linux-snps-arc@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-snps-arc


* [RFC PATCH 1/6] ARC: mm/mmap.c: Check length of unmapped area before allowing MAP_FIXED
@ 2021-12-06 15:02 Liam Howlett
From: Liam Howlett @ 2021-12-06 15:02 UTC
  To: Liam Howlett, linux-kernel, Vineet Gupta, linux-snps-arc

arch_get_unmapped_area() could potentially allow a larger than possible
length when using the MAP_FIXED flag.  The bound check should come
before the check for MAP_FIXED.

Fixes: 5bba49f5397c (ARC: [mm] Aliasing VIPT dcache support 4/4)
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
 arch/arc/mm/mmap.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arc/mm/mmap.c b/arch/arc/mm/mmap.c
index 722d26b94307..1d7076406c4e 100644
--- a/arch/arc/mm/mmap.c
+++ b/arch/arc/mm/mmap.c
@@ -35,6 +35,9 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
 	int aliasing = cache_is_vipt_aliasing();
 	struct vm_unmapped_area_info info;
 
+	if (len > TASK_SIZE)
+		return -ENOMEM;
+
 	/*
 	 * We only need to do colour alignment if D cache aliases.
 	 */
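Review bot: the relocated `if (len > TASK_SIZE)` check at the top of arch_get_unmapped_area() has no comment saying it must stay ahead of the MAP_FIXED return, and the comment block right after it covers colour alignment only. The commit message describes the bug as an ordering problem, so a one-line comment above the check (for example, that it has to precede the MAP_FIXED early return) would help keep a later reshuffle from reintroducing it.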
@@ -51,9 +54,6 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
 		return addr;
 	}
 
-	if (len > TASK_SIZE)
-		return -ENOMEM;
-
 	if (addr) {
 		if (do_align)
 			addr = COLOUR_ALIGN(addr, pgoff);
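Review bot: with the check removed from this spot, the MAP_FIXED branch ending in `return addr;` just above is still bounded by `len` alone; nothing in the lines shown rejects a fixed `addr` for which `addr + len` runs past TASK_SIZE. Either extend the early test to cover the fixed case, something like `addr > TASK_SIZE - len`, or state in the commit message where that range is validated, since the cover letter says the issue was not triggered in testing.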
-- 
2.30.2
