diff options
author | Masato Noguchi <Masato.Noguchi@jp.sony.com> | 2007-02-13 15:54:30 -0500 |
---|---|---|
committer | Arnd Bergmann <arnd@klappe.arndb.de> | 2007-02-13 15:55:43 -0500 |
commit | 128b8546a83a9e37448bc126e1045dc1db291165 (patch) | |
tree | 01281bb501601f643f50210314bcc31f44f5dcf7 | |
parent | 2eb1b12049844a8ebc670e0e4fc908bc3f8933d3 (diff) |
[POWERPC] spufs: avoid accessing kernel memory through mmapped /mem node
I found an exploit in current kernel.
Currently, there is no range check about mmapping "/mem" node in
spufs. Thus, an application can access privilege memory region.
In case this kernel already worked on a public server, I send this
information only here.
If there are such servers in somewhere, please replace it, ASAP.
Signed-off-by: Masato Noguchi <Masato.Noguchi@jp.sony.com>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
-rw-r--r-- | arch/powerpc/platforms/cell/spufs/file.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c index c729813043a6..b00653d69c01 100644 --- a/arch/powerpc/platforms/cell/spufs/file.c +++ b/arch/powerpc/platforms/cell/spufs/file.c | |||
@@ -103,6 +103,9 @@ static unsigned long spufs_mem_mmap_nopfn(struct vm_area_struct *vma, | |||
103 | 103 | ||
104 | offset += vma->vm_pgoff << PAGE_SHIFT; | 104 | offset += vma->vm_pgoff << PAGE_SHIFT; |
105 | 105 | ||
106 | if (offset >= LS_SIZE) | ||
107 | return NOPFN_SIGBUS; | ||
108 | |||
106 | spu_acquire(ctx); | 109 | spu_acquire(ctx); |
107 | 110 | ||
108 | if (ctx->state == SPU_STATE_SAVED) { | 111 | if (ctx->state == SPU_STATE_SAVED) { |