From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5632AC43331 for ; Mon, 11 Nov 2019 11:46:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2994C2196E for ; Mon, 11 Nov 2019 11:46:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573472780; bh=Mngmwt5ehNfydvH5+MyDl+bMhJj5Sa8XVoQfZL7Muq8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=vuVlUKpdogpS8VZ8g3PcCcouo+nCqUQAlM1qRLvRZcHfxCxqE7oDp2vwZbX2D/JC1 nwcc+vwC2COZKkN/Jjjo+P+FaKwJbXLXAGbeBkHdryVRvIxoPYvAppQMKpr8IYrQst V/NiTF1gLBlRFnxneumv2FtyOSb8GnE1W1wWXY40= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726949AbfKKLqS (ORCPT ); Mon, 11 Nov 2019 06:46:18 -0500 Received: from mail.kernel.org ([198.145.29.99]:45884 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726810AbfKKLqS (ORCPT ); Mon, 11 Nov 2019 06:46:18 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7F2832184C; Mon, 11 Nov 2019 11:46:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573472778; bh=Mngmwt5ehNfydvH5+MyDl+bMhJj5Sa8XVoQfZL7Muq8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=aLnN84N3ez2marIBm1OMVpyOO6edGWJRaY81Rhak9oiqx87FWhAhHXJGFRRVylekl Sb/+i9uk969oKTPUQJxNu2v/EFBDq06xIMJ+EL9d6S4R4bRJcoT+izJHCh2wumze/x lbuwZaiy9h4VW6PRokkOouT/7h20pJSuzNldvQAg= Date: Mon, 11 Nov 2019 12:46:15 +0100 From: Greg Kroah-Hartman To: Hans Verkuil Cc: Omer Shalev , Mauro Carvalho Chehab , Kate Stewart , Richard Fontana , Allison Randal , Thomas Gleixner , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] media:usb:cpia2: Properly check framebuffer mmap offsets Message-ID: <20191111114615.GA418224@kroah.com> References: <20191108215038.59170-1-omerdeshalev@gmail.com> <20191108204949.GA1277001@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.2 (2019-09-21) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Nov 09, 2019 at 12:39:43PM +0100, Hans Verkuil wrote: > Hi Greg, > > On 11/8/19 9:49 PM, Greg Kroah-Hartman wrote: > > On Fri, Nov 08, 2019 at 09:50:36PM +0000, Omer Shalev wrote: > >> The cpai2 driver's mmap implementation wasn't properly check for all > >> possible offset values. Given a huge offset value , the calculation > >> start_offset + size can wrap around to a low value and pass the check > > > > I thought we checked that in the core of the kernel now, to keep all > > drivers from not having to do this type of thing (as they obviously all > > forgot to.) Why is this still needed here as well? > > Where is that checked in the core? I couldn't find anything, but I might > have been looking in the wrong place. Sorry, took me a while to find it. Look at be83bbf80682 ("mmap: introduce sane default mmap limits") as I think this should handle the problem already. thanks, greg k-h