Commit ce56a86e authored by Craig Bergstrom, committed by Ingo Molnar

x86/mm: Limit mmap() of /dev/mem to valid physical addresses

Currently, it is possible to mmap() any offset from /dev/mem.  If a
program mmaps() /dev/mem offsets outside of the addressable limits
of a system, the page table can be corrupted by setting reserved bits.

For example if you mmap() offset 0x0001000000000000 of /dev/mem on an
x86_64 system with a 48-bit bus, the page fault handler will be called
with error_code set to RSVD.  The kernel then crashes with a page table
corruption error.

This change prevents this page table corruption on x86 by refusing
to mmap offsets higher than the highest valid address in the system.

Signed-off-by: Craig Bergstrom <>
Cc: Andrew Morton <>
Cc: Andy Lutomirski <>
Cc: Borislav Petkov <>
Cc: Brian Gerst <>
Cc: Denys Vlasenko <>
Cc: H. Peter Anvin <>
Cc: Josh Poimboeuf <>
Cc: Linus Torvalds <>
Cc: Luis R. Rodriguez <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Cc: Toshi Kani <>
Link: Ingo Molnar <>
parent 7ac7f2c3
...@@ -110,6 +110,10 @@ build_mmio_write(__writeq, "q", unsigned long, "r", ) ...@@ -110,6 +110,10 @@ build_mmio_write(__writeq, "q", unsigned long, "r", )
#endif #endif
extern int valid_phys_addr_range(phys_addr_t addr, size_t size);
extern int valid_mmap_phys_addr_range(unsigned long pfn, size_t size);
/** /**
* virt_to_phys - map virtual addresses to physical * virt_to_phys - map virtual addresses to physical
* @address: address to remap * @address: address to remap
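Review bot: the two prototypes added above the virt_to_phys comment name their second parameter size, while the definitions in the later hunk name it count; use one name in both places. A short comment would also help callers here: the first arguments differ in unit (a byte address for valid_phys_addr_range(), a page frame number for valid_mmap_phys_addr_range()), and nothing states that a nonzero return means the range is accepted.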
...@@ -174,3 +174,15 @@ const char *arch_vma_name(struct vm_area_struct *vma) ...@@ -174,3 +174,15 @@ const char *arch_vma_name(struct vm_area_struct *vma)
return "[mpx]"; return "[mpx]";
return NULL; return NULL;
} }
int valid_phys_addr_range(phys_addr_t addr, size_t count)
return addr + count <= __pa(high_memory);
int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
phys_addr_t addr = (phys_addr_t)pfn << PAGE_SHIFT;
return valid_phys_addr_range(addr, count);
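Review bot: the bound in valid_phys_addr_range(), addr + count <= __pa(high_memory), is the end of directly mapped RAM rather than the addressable limit the commit message describes (the 48-bit bus), so a mapping that lies above RAM but inside the addressable range, such as a device region, would be refused as well; consider bounding by the CPU's physical address width instead. Separately, both addr + count and pfn << PAGE_SHIFT can wrap for large inputs, so an explicit overflow check before the comparison would keep a wrapped value from passing.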