• Craig Bergstrom's avatar
    x86/mm: Limit mmap() of /dev/mem to valid physical addresses · ce56a86e
    Craig Bergstrom authored
    Currently, it is possible to mmap() any offset from /dev/mem.  If a
    program mmaps() /dev/mem offsets outside of the addressable limits
    of a system, the page table can be corrupted by setting reserved bits.
    
    For example if you mmap() offset 0x0001000000000000 of /dev/mem on an
    x86_64 system with a 48-bit bus, the page fault handler will be called
    with error_code set to RSVD.  The kernel then crashes with a page table
    corruption error.
    
    This change prevents this page table corruption on x86 by refusing
    to mmap offsets higher than the highest valid address in the system.
    Signed-off-by: default avatarCraig Bergstrom <craigb@google.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Brian Gerst <brgerst@gmail.com>
    Cc: Denys Vlasenko <dvlasenk@redhat.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Luis R. Rodriguez <mcgrof@suse.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Toshi Kani <toshi.kani@hp.com>
    Cc: dsafonov@virtuozzo.com
    Cc: kirill.shutemov@linux.intel.com
    Cc: mhocko@suse.com
    Cc: oleg@redhat.com
    Link: http://lkml.kernel.org/r/20171019192856.39672-1-craigb@google.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    ce56a86e
Name
Last commit
Last update
..
alpha Loading commit data...
arc Loading commit data...
arm Loading commit data...
arm64 Loading commit data...
blackfin Loading commit data...
c6x Loading commit data...
cris Loading commit data...
frv Loading commit data...
h8300 Loading commit data...
hexagon Loading commit data...
ia64 Loading commit data...
m32r Loading commit data...
m68k Loading commit data...
metag Loading commit data...
microblaze Loading commit data...
mips Loading commit data...
mn10300 Loading commit data...
nios2 Loading commit data...
openrisc Loading commit data...
parisc Loading commit data...
powerpc Loading commit data...
s390 Loading commit data...
score Loading commit data...
sh Loading commit data...
sparc Loading commit data...
tile Loading commit data...
um Loading commit data...
unicore32 Loading commit data...
x86 Loading commit data...
xtensa Loading commit data...
.gitignore Loading commit data...
Kconfig Loading commit data...