linux/arch
David Hildenbrand 79286ea830 s390/pci_mmio: fully validate the VMA before calling follow_pte()
commit a8b92b8c1e upstream.

We should not walk/touch page tables outside of VMA boundaries when
holding only the mmap sem in read mode. Evil user space can modify the
VMA layout just before this function runs and e.g., trigger races with
page table removal code since commit dd2283f260 ("mm: mmap: zap pages
with read mmap_sem in munmap").

find_vma() does not check if the address is >= the VMA start address;
use vma_lookup() instead.

Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Fixes: dd2283f260 ("mm: mmap: zap pages with read mmap_sem in munmap")
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-09-26 14:08:55 +02:00
alpha alpha: Send stop IPI to send to online CPUs 2021-08-12 13:22:20 +02:00
arc ARC: export clear_user_page() for modules 2021-09-22 12:28:04 +02:00
arm ARM: tegra: tamonten: Fix UART pad setting 2021-09-18 13:40:28 +02:00
arm64 KVM: arm64: Handle PSCI resets before userspace touches vCPU state 2021-09-22 12:28:04 +02:00
c6x arch-cleanup-2020-10-22 2020-10-23 10:06:38 -07:00
csky csky: syscache: Fixup duplicate cache flush 2021-07-14 16:56:52 +02:00
h8300 h8300: fix PREEMPTION build, TI_PRE_COUNT undefined 2021-02-17 11:02:28 +01:00
hexagon hexagon: use common DISCARDS macro 2021-07-20 16:05:53 +02:00
ia64 mm/page_alloc: fix memory map initialization for descending nodes 2021-07-25 14:36:18 +02:00
m68k m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch 2021-09-18 13:40:31 +02:00
microblaze local64.h: make <asm/local64.h> mandatory 2021-01-12 20:18:16 +01:00
mips MIPS: Malta: fix alignment of the devicetree buffer 2021-09-18 13:40:16 +02:00
nds32 nds32: fix up stack guard gap 2021-07-28 14:35:46 +02:00
nios2 nios2: fixed broken sys_clone syscall 2021-03-04 11:38:16 +01:00
openrisc openrisc: don't printk() unconditionally 2021-09-18 13:40:13 +02:00
parisc parisc: fix crash with signals and alloca 2021-09-18 13:40:35 +02:00
powerpc KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers 2021-09-22 12:27:59 +02:00
riscv riscv: Fixup patch_text panic in ftrace 2021-09-03 10:09:29 +02:00
s390 s390/pci_mmio: fully validate the VMA before calling follow_pte() 2021-09-26 14:08:55 +02:00
sh sched/core: Initialize the idle task with preemption disabled 2021-07-14 16:55:50 +02:00
sparc bpf: Introduce BPF nospec instruction for mitigating Spectre v4 2021-08-04 12:46:44 +02:00
um um: fix error return code in winch_tramp() 2021-07-20 16:05:51 +02:00
x86 x86/mce: Avoid infinite loop for copy from user recovery 2021-09-22 12:28:07 +02:00
xtensa xtensa: ISS: don't panic in rs_init 2021-09-18 13:40:22 +02:00
.gitignore
Kconfig fanotify: Fix sys_fanotify_mark() on native x86-32 2021-01-17 14:16:59 +01:00