/dev/mem: dont allow seek to last page

So as to return a uniform error -EOVERFLOW instead of a random one: # kmem-seek 0xfffffffffffffff0 seek /dev/kmem: Device or resource busy # kmem-seek 0xfffffffffffffff1 seek /dev/kmem: Block device required Suggested by OGAWA Hirofumi. Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

/dev/mem: dont allow seek to last page
So as to return a uniform error -EOVERFLOW instead of a random one: # kmem-seek 0xfffffffffffffff0 seek /dev/kmem: Device or resource busy # kmem-seek 0xfffffffffffffff1 seek /dev/kmem: Block device required Suggested by OGAWA Hirofumi. Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Wu Fengguang · Linus Torvalds
1 parent 2cb9a75d13
Showing 1 changed file with 13 additions and 6 deletions Side-by-side Diff
drivers/char/mem.c
@@ -708,13 +708,20 @@
  
 	mutex_lock(&file->f_path.dentry->d_inode->i_mutex);
 	switch (orig) {
-		case 0:
+		case SEEK_CUR:
+			offset += file->f_pos;
+			if ((unsigned long long)offset <
+			    (unsigned long long)file->f_pos) {
+				ret = -EOVERFLOW;
+				break;
+			}
+		case SEEK_SET:
+			/* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
+			if ((unsigned long long)offset >= ~0xFFFULL) {
+				ret = -EOVERFLOW;
+				break;
+			}
 			file->f_pos = offset;
-			ret = file->f_pos;
-			force_successful_syscall_return();
-			break;
-		case 1:
-			file->f_pos += offset;
 			ret = file->f_pos;
 			force_successful_syscall_return();
 			break;
...	...	@@ -708,13 +708,20 @@
708	708
709	709	mutex_lock(&file->f_path.dentry->d_inode->i_mutex);
710	710	switch (orig) {
711		- case 0:
	711	+ case SEEK_CUR:
	712	+ offset += file->f_pos;
	713	+ if ((unsigned long long)offset <
	714	+ (unsigned long long)file->f_pos) {
	715	+ ret = -EOVERFLOW;
	716	+ break;
	717	+ }
	718	+ case SEEK_SET:
	719	+ /* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
	720	+ if ((unsigned long long)offset >= ~0xFFFULL) {
	721	+ ret = -EOVERFLOW;
	722	+ break;
	723	+ }
712	724	file->f_pos = offset;
713		- ret = file->f_pos;
714		- force_successful_syscall_return();
715		- break;
716		- case 1:
717		- file->f_pos += offset;
718	725	ret = file->f_pos;
719	726	force_successful_syscall_return();
720	727	break;