[POWERPC] spufs: avoid accessing kernel memory through mmapped /mem node
I found an exploit in the current kernel. Currently, there is no range check on mmapping the "/mem" node in spufs. Thus, an application can access a privileged memory region. In case this kernel already works on a public server, I send this information only here. If there are such servers somewhere, please replace it ASAP.

Signed-off-by: Masato Noguchi <Masato.Noguchi@jp.sony.com>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
parent 2eb1b12049
commit 128b8546a8
@ -103,6 +103,9 @@ static unsigned long spufs_mem_mmap_nopfn(struct vm_area_struct *vma,
|
|||||||
|
|
||||||
offset += vma->vm_pgoff << PAGE_SHIFT;
|
offset += vma->vm_pgoff << PAGE_SHIFT;
|
||||||
|
|
||||||
|
if (offset >= LS_SIZE)
|
||||||
|
return NOPFN_SIGBUS;
|
||||||
|
|
||||||
spu_acquire(ctx);
|
spu_acquire(ctx);
|
||||||
|
|
||||||
if (ctx->state == SPU_STATE_SAVED) {
|
if (ctx->state == SPU_STATE_SAVED) {
|
||||||
|
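Review bot: The new bound in spufs_mem_mmap_nopfn, `if (offset >= LS_SIZE)` followed by `return NOPFN_SIGBUS;`, is enforced only when a page is faulted in, and it carries no comment saying what it protects. As far as this hunk shows, a mapping of the "/mem" node that extends past LS_SIZE is still accepted when it is created and only raises SIGBUS on first touch of an out-of-range page. Consider also rejecting such a mapping in the mmap handler itself, so the caller gets an error up front, and add a one-line comment above the check stating that offsets at or beyond the local store size must never be translated to a pfn. Placing the check before `spu_acquire(ctx);` is right, since the early return then needs no matching release.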