b299cde245
/dev/mem currently allows mmap() mappings that wrap around the end of the physical address space, which should probably be illegal. It circumvents the existing STRICT_DEVMEM permission check because the loop immediately terminates (as the start address is already higher than the end address). On the x86_64 architecture it will then cause a panic (from the BUG(start >= end) in arch/x86/mm/pat.c:reserve_memtype()). This patch adds an explicit check to make sure offset + size will not wrap around in the physical address type. Signed-off-by: Julius Werner <jwerner@chromium.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| agp | ||
| hw_random | ||
| ipmi | ||
| mwave | ||
| pcmcia | ||
| tpm | ||
| xilinx_hwicap | ||
| xillybus | ||
| apm-emulation.c | ||
| applicom.c | ||
| applicom.h | ||
| bfin-otp.c | ||
| bsr.c | ||
| ds1302.c | ||
| ds1620.c | ||
| dsp56k.c | ||
| dtlk.c | ||
| efirtc.c | ||
| generic_nvram.c | ||
| hangcheck-timer.c | ||
| hpet.c | ||
| Kconfig | ||
| lp.c | ||
| Makefile | ||
| mbcs.c | ||
| mbcs.h | ||
| mem.c | ||
| misc.c | ||
| mmtimer.c | ||
| mspec.c | ||
| nsc_gpio.c | ||
| nvram.c | ||
| nwbutton.c | ||
| nwbutton.h | ||
| nwflash.c | ||
| pc8736x_gpio.c | ||
| powernv-op-panel.c | ||
| ppdev.c | ||
| ps3flash.c | ||
| random.c | ||
| raw.c | ||
| rtc.c | ||
| scx200_gpio.c | ||
| snsc_event.c | ||
| snsc.c | ||
| snsc.h | ||
| sonypi.c | ||
| tb0219.c | ||
| tile-srom.c | ||
| tlclk.c | ||
| toshiba.c | ||
| ttyprintk.c | ||
| uv_mmtimer.c | ||
| virtio_console.c | ||