aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMasato Noguchi <Masato.Noguchi@jp.sony.com>2007-02-13 15:54:30 -0500
committerArnd Bergmann <arnd@klappe.arndb.de>2007-02-13 15:55:43 -0500
commit128b8546a83a9e37448bc126e1045dc1db291165 (patch)
tree01281bb501601f643f50210314bcc31f44f5dcf7
parent2eb1b12049844a8ebc670e0e4fc908bc3f8933d3 (diff)
[POWERPC] spufs: avoid accessing kernel memory through mmapped /mem node
I found an exploit in current kernel. Currently, there is no range check about mmapping "/mem" node in spufs. Thus, an application can access privilege memory region. In case this kernel already worked on a public server, I send this information only here. If there are such servers in somewhere, please replace it, ASAP. Signed-off-by: Masato Noguchi <Masato.Noguchi@jp.sony.com> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
-rw-r--r--arch/powerpc/platforms/cell/spufs/file.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index c729813043a6..b00653d69c01 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -103,6 +103,9 @@ static unsigned long spufs_mem_mmap_nopfn(struct vm_area_struct *vma,
103 103
104 offset += vma->vm_pgoff << PAGE_SHIFT; 104 offset += vma->vm_pgoff << PAGE_SHIFT;
105 105
106 if (offset >= LS_SIZE)
107 return NOPFN_SIGBUS;
108
106 spu_acquire(ctx); 109 spu_acquire(ctx);
107 110
108 if (ctx->state == SPU_STATE_SAVED) { 111 if (ctx->state == SPU_STATE_SAVED) {