linux/drivers
Linus Torvalds a7d507200f mtdchar: fix offset overflow detection
commit 9c603e53d3 upstream.

Sasha Levin has been running trinity in a KVM tools guest, and was able
to trigger the BUG_ON() at arch/x86/mm/pat.c:279 (verifying the range of
the memory type).  The call trace showed that it was mtdchar_mmap() that
created an invalid remap_pfn_range().

The problem is that mtdchar_mmap() does various really odd and subtle
things with the vma page offset etc, and uses the wrong types (and the
wrong overflow detection) for it.

For example, the page offset may well be 32-bit on a 32-bit
architecture, but after shifting it up by PAGE_SHIFT, we need to use a
potentially 64-bit resource_size_t to correctly hold the full value.

Also, we need to check that the vma length plus offset doesn't overflow
before we check that it is smaller than the length of the mtdmap region.

This fixes things up and tries to make the code a bit easier to read.

Reported-and-tested-by: Sasha Levin <levinsasha928@gmail.com>
Acked-by: Suresh Siddha <suresh.b.siddha@intel.com>
Acked-by: Artem Bityutskiy <dedekind1@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-04-16 21:27:27 -07:00
accessibility
acpi ACPI: Add DMI entry for Sony VGN-FW41E_H 2013-03-04 06:06:44 +08:00
amba ARM: 7366/3: amba: Remove AMBA level regulator support 2012-04-13 14:04:08 +01:00
ata ata_piix: Fix DVD not detected at some Haswell platforms 2013-04-12 09:38:45 -07:00
atm atm/iphase: rename fregt_t -> ffreg_t 2013-02-14 10:49:05 -08:00
auxdisplay
base regmap: cache Fix regcache-rbtree sync 2013-04-12 09:38:43 -07:00
bcma bcma: mips: fix clearing device IRQ 2013-01-17 08:50:41 -08:00
block Revert "xen/blkback: Don't trust the handle from the frontend." 2013-04-05 10:04:52 -07:00
bluetooth Bluetooth: Add support for Dell[QCA 0cf3:817a] 2013-04-05 10:04:15 -07:00
cdrom
char virtio: rng: disallow multiple device registrations, fixes crashes 2013-03-20 13:04:57 -07:00
clk clk: Check parent for NULL in clk_change_rate 2012-07-19 08:58:59 -07:00
clocksource Revert "clocksource: Load the ACPI PM clocksource asynchronously" 2012-04-12 00:05:05 +02:00
connector
cpufreq Fix memory leak in cpufreq stats. 2013-03-14 11:29:51 -07:00
cpuidle Merge branches 'idle-fix' and 'misc' into release 2012-04-06 21:48:59 -04:00
crypto crypto: mv_cesa requires on CRYPTO_HASH to build 2012-05-15 01:10:06 +00:00
dca dca: check against empty dca_domains list before unregister provider 2013-02-28 06:59:06 -08:00
devfreq ARM: global cleanups 2012-03-27 16:03:32 -07:00
dio
dma ioat: Fix DMA memory sync direction correct flag 2013-01-27 20:47:44 -08:00
edac EDAC: Test correct variable in ->store function 2013-02-03 18:24:41 -06:00
eisa EISA/PCI: Fix bus res reference 2013-04-12 09:38:44 -07:00
firewire firewire: add minor number range check to fw_device_init() 2013-03-04 06:06:41 +08:00
firmware efivars: Handle duplicate names from get_next_variable() 2013-04-05 10:04:36 -07:00
gpio gpiolib: Don't return -EPROBE_DEFER to sysfs, or for invalid gpios 2012-11-05 09:50:41 +01:00
gpu udl: handle EDID failure properly. 2013-04-16 21:27:26 -07:00
hid HID: usbhid: quirk for Realtek Multi-card reader 2013-04-05 10:04:16 -07:00
hsi HSI: hsi_char: Remove max_data_size from sysfs 2012-04-23 14:23:32 +03:00
hv Drivers: hv: Cleanup error handling in vmbus_open() 2012-10-31 10:02:58 -07:00
hwmon hwmon: (sht15) Fix memory leak if regulator_enable() fails 2013-03-20 13:05:00 -07:00
hwspinlock hwspinlock: fix __hwspin_lock_request error path 2013-04-12 09:38:46 -07:00
i2c i2c-i801: Add Device IDs for Intel Lynx Point-LP PCH 2012-09-14 10:00:33 -07:00
ide Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
idle simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
ieee802154
infiniband IPoIB: Fix send lockup due to missed TX completion 2013-03-28 12:12:25 -07:00
input Input: sentelic - only report position of first finger as ST coordinates 2013-01-11 09:06:56 -08:00
iommu iommu/amd: Make sure dma_ops are set for hotplug devices 2013-04-05 10:04:18 -07:00
isdn isdn/gigaset: fix zero size border case in debug dump 2013-02-14 10:49:04 -08:00
leds drivers/leds/leds-lp5521.c: fix lp5521_read() error handling 2012-12-03 11:46:36 -08:00
lguest
macintosh Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
mca
md md: raid0: fix error return from create_stripe_zones. 2013-03-14 11:29:49 -07:00
media media: rc: unlock on error in show_protocols() 2013-03-04 06:06:41 +08:00
memstick memstick: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:19 +08:00
message Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
mfd mfd: Only unregister platform devices allocated by the mfd core 2013-01-17 08:50:45 -08:00
misc SGI-XP: handle non-fatal traps 2013-01-11 09:06:29 -08:00
mmc mmc: sdhci-esdhc-imx: fix host version read 2013-02-28 06:59:05 -08:00
mtd mtdchar: fix offset overflow detection 2013-04-16 21:27:27 -07:00
net rt2x00: rt2x00pci_regbusy_read() - only print register access failure once 2013-04-12 09:38:47 -07:00
nfc NFC: pn533: Fix mem leak in pn533_in_dep_link_up 2012-12-03 11:47:12 -08:00
nubus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
of gpio: Fix range check in of_gpio_simple_xlate() 2012-04-10 14:20:56 -06:00
oprofile oprofile: perf: use NR_CPUS instead of nr_cpumask_bits for static array 2012-07-16 09:04:21 -07:00
parisc parisc: move definition of PAGE0 to asm/page.h 2012-05-10 15:12:08 -07:00
parport
pci PCI/PM: Clean up PME state when removing a device 2013-02-17 10:49:26 -08:00
pcmcia pcmcia/vrc4171: Add missing spinlock init 2013-02-28 06:59:05 -08:00
pinctrl pinctrl: tegra: set low power mode bank width to 2 2012-10-28 10:14:14 -07:00
platform asus-laptop: Do not call HWRS on init 2013-03-28 12:12:28 -07:00
pnp pnpacpi: fix incorrect TEST_ALPHA() test 2013-01-11 09:06:29 -08:00
power ab8500_btemp: Demote initcall sequence 2013-03-04 06:06:44 +08:00
pps
ps3
ptp ptp_pch: Add missing #include <linux/slab.h> 2012-05-16 14:44:44 -04:00
rapidio rapidio/tsi721: fix unused variable compiler warning 2012-09-14 10:00:20 -07:00
regulator regulator: wm831x: Set the new rather than old value for DVS VSEL 2013-01-17 08:50:41 -08:00
remoteproc remoteproc: fix a potential NULL-dereference on cleanup 2012-10-07 08:32:28 -07:00
rpmsg rpmsg: fix dependency on initialization order 2012-07-19 08:58:57 -07:00
rtc drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq handler 2013-02-11 08:47:18 -08:00
s390 KVM: s390: Handle hosts not supporting s390-virtio. 2013-02-28 06:59:01 -08:00
sbus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
scsi SCSI: libsas: fix handling vacant phy in sas_set_ex_phy() 2013-04-16 21:27:26 -07:00
sfi
sh SuperH updates for 3.4 merge window 2012-03-30 00:09:17 -07:00
sn
spi spi/mpc512x-psc: optionally keep PSC SS asserted across xfer segments 2013-04-12 09:38:43 -07:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
staging staging: comedi: s626: fix continuous acquisition 2013-04-05 10:04:15 -07:00
target target: Fix incorrect fallthrough of ALUA Standby/Offline/Transition CDBs 2013-04-16 21:27:26 -07:00
tc
thermal thermal: return an error on failure to register thermal class 2013-04-12 09:38:47 -07:00
tty vt: synchronize_rcu() under spinlock is not nice... 2013-04-05 10:04:19 -07:00
uio
usb usb: gadget: udc-core: fix a regression during gadget driver unbinding 2013-04-05 10:04:35 -07:00
uwb uwb: fix error handling 2012-04-18 13:15:51 -07:00
vhost vhost/net: fix heads usage of ubuf_info 2013-03-28 12:11:54 -07:00
video atmel_lcdfb: fix 16-bpp modes on older SOCs 2013-03-20 13:05:00 -07:00
virt
virtio virtio: force vring descriptors to be allocated from lowmem 2013-01-11 09:06:47 -08:00
vlynq
w1 w1: fix oops when w1_search is called from netlink connector 2013-03-20 13:04:59 -07:00
watchdog hpwdt: Fix kdump issue in hpwdt 2012-10-02 10:30:08 -07:00
xen xen/pciback: Don't disable a PCI device that is already disabled. 2013-03-20 13:04:57 -07:00
zorro
Kconfig Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00
Makefile Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00