Commit 9cb12d7b4ccaa976f97ce0c5fd0f1b6a83bc2a75
Committed by
Linus Torvalds
1 parent
8f4ab07f4b
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
mm/memory.c: actually remap enough memory
For whatever reason, generic_access_phys() only remaps one page, but actually allows to access arbitrary size. It's quite easy to trigger large reads, like printing out large structure with gdb, which leads to a crash. Fix it by remapping correct size. Fixes: 28b2ee20c7cb ("access_process_vm device memory infrastructure") Signed-off-by: Grazvydas Ignotas <notasas@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
mm/memory.c
... | ... | @@ -3462,7 +3462,7 @@ |
3462 | 3462 | if (follow_phys(vma, addr, write, &prot, &phys_addr)) |
3463 | 3463 | return -EINVAL; |
3464 | 3464 | |
3465 | - maddr = ioremap_prot(phys_addr, PAGE_SIZE, prot); | |
3465 | + maddr = ioremap_prot(phys_addr, PAGE_ALIGN(len + offset), prot); | |
3466 | 3466 | if (write) |
3467 | 3467 | memcpy_toio(maddr + offset, buf, len); |
3468 | 3468 | else |