From: Wu Fengguang <fengguang.wu@intel.com>
To: Andrew Morton <akpm@linux-foundation.org>
To: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Greg Kroah-Hartman <gregkh@suse.de>,
Hugh Dickins <hugh.dickins@tiscali.co.uk>,
Wu Fengguang <fengguang.wu@intel.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Tejun Heo <tj@kernel.org>
Cc: Nick Piggin <npiggin@suse.de>
Cc: LKML <linux-kernel@vger.kernel.org>, linux-mm@kvack.org
Subject: [PATCH 2/3] devmem: check vmalloc address on kmem read/write
Date: Wed, 16 Sep 2009 09:39:41 +0800 [thread overview]
Message-ID: <20090916014958.836124324@intel.com> (raw)
In-Reply-To: 20090916013939.656308742@intel.com
[-- Attachment #1: vmalloc-addr-fix.patch --]
[-- Type: text/plain, Size: 1389 bytes --]
From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Otherwise vmalloc_to_page() will BUG().
This also makes the kmem read/write implementation aligned with mem(4):
"References to nonexistent locations cause errors to be returned." Here
we return -ENXIO (inspired by Hugh) if no bytes have been transfered
to/from user space, otherwise return partial read/write results.
CC: Greg Kroah-Hartman <gregkh@suse.de>
CC: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
---
drivers/char/mem.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- linux-mm.orig/drivers/char/mem.c 2009-09-16 08:52:17.000000000 +0800
+++ linux-mm/drivers/char/mem.c 2009-09-16 09:15:03.000000000 +0800
@@ -443,6 +443,10 @@ static ssize_t read_kmem(struct file *fi
return -ENOMEM;
while (count > 0) {
sz = size_inside_page(p, count);
+ if (!is_vmalloc_or_module_addr((void *)p)) {
+ err = -ENXIO;
+ break;
+ }
err = vread(kbuf, (char *)p, sz);
if (err)
break;
@@ -543,6 +547,10 @@ static ssize_t write_kmem(struct file *
unsigned long sz = size_inside_page(p, count);
unsigned long n;
+ if (!is_vmalloc_or_module_addr((void *)p)) {
+ err = -ENXIO;
+ break;
+ }
n = copy_from_user(kbuf, buf, sz);
if (n) {
err = -EFAULT;
--
next prev parent reply other threads:[~2009-09-16 1:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-16 1:39 [PATCH 0/3] /proc/kmem fixes and hwpoison bits v2 Wu Fengguang
2009-09-16 1:39 ` [PATCH 1/3] devmem: change vread()/vwrite() prototype to return success or error code Wu Fengguang
2009-09-16 2:14 ` KAMEZAWA Hiroyuki
2009-09-16 2:39 ` Wu Fengguang
2010-09-14 4:42 ` KAMEZAWA Hiroyuki
2009-09-16 1:39 ` Wu Fengguang [this message]
2009-09-16 2:50 ` [PATCH 2/3] devmem: check vmalloc address on kmem read/write KAMEZAWA Hiroyuki
2009-09-16 1:39 ` [PATCH 3/3] HWPOISON: prevent /dev/kmem users from accessing hwpoison pages Wu Fengguang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090916014958.836124324@intel.com \
--to=fengguang.wu@intel.com \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=gregkh@suse.de \
--cc=hugh.dickins@tiscali.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox