From: lauraa@codeaurora.org (Laura Abbott)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 2/2] arm64: fixmap: check idx is definitely valid
Date: Thu, 05 Mar 2015 10:48:30 -0800
Message-ID: <54F8A4FE.3080907@codeaurora.org>
In-Reply-To: <1425475655-22118-2-git-send-email-mark.rutland@arm.com>
On 3/4/2015 5:27 AM, Mark Rutland wrote:
> Fixmap indices are in the interval (FIX_HOLE, __end_of_fixed_addresses),
> but in __set_fixmap we only check idx <= __end_of_fixed_addresses, and
> therefore indices <= FIX_HOLE are erroneously accepted. If called with
> such an idx, __set_fixmap may corrupt page tables outside of the fixmap
> region.
>
> This patch ensures that we validate the idx against both endpoints of
> the interval.
>
> Signed-off-by: Mark Rutland <mark.rutland@arm.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Laura Abbott <lauraa@codeaurora.org>
> Cc: Will Deacon <will.deacon@arm.com>
Acked-by: Laura Abbott <lauraa@codeaurora.org>
> ---
> arch/arm64/mm/mmu.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index c6daaf6..c9267ac 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -627,10 +627,7 @@ void __set_fixmap(enum fixed_addresses idx,
> unsigned long addr = __fix_to_virt(idx);
> pte_t *pte;
>
> - if (idx >= __end_of_fixed_addresses) {
> - BUG();
> - return;
> - }
> + BUG_ON(idx <= FIX_HOLE || idx >= __end_of_fixed_addresses);
>
> pte = fixmap_pte(addr);
>
>
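Review bot: At the new BUG_ON line, the commit message and the diff disagree about the old check: the message says __set_fixmap only checked "idx <= __end_of_fixed_addresses", while the removed lines trap on idx >= __end_of_fixed_addresses, so the range previously accepted was idx < __end_of_fixed_addresses. The log wording should be corrected to match. The combined condition itself matches the open interval (FIX_HOLE, __end_of_fixed_addresses) given in the message and still sits ahead of fixmap_pte(addr), the first use of the computed address. A one-line comment above the BUG_ON naming that interval would help keep the lower bound from being dropped in a later cleanup.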
--
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
This e-mail address will be inactive after March 20, 2015
Please contact privately for follow up after that date.