kernel/linux.git/drivers/char/mem.c, branch v3.18.62

drivers: char: mem: Fix wraparound check to allow mappings up to the end

2017-06-14T10:54:20+00:00

commit 32829da54d9368103a2f03269a5120aa9ee4d5da upstream. A recent fix to /dev/mem prevents mappings from wrapping around the end of physical address space. However, the check was written in a way that also prevents a mapping reaching just up to the end of physical address space, which may be a valid use case (especially on 32-bit systems). This patch fixes it by checking the last mapped address (instead of the first address behind that) for overflow. Fixes: b299cde245 ("drivers: char: mem: Check for address space wraparound with mmap()") Reported-by: Nico Huber Signed-off-by: Julius Werner Signed-off-by: Greg Kroah-Hartman

drivers: char: mem: Check for address space wraparound with mmap()

2017-05-25T12:18:02+00:00

commit b299cde245b0b76c977f4291162cf668e087b408 upstream. /dev/mem currently allows mmap() mappings that wrap around the end of the physical address space, which should probably be illegal. It circumvents the existing STRICT_DEVMEM permission check because the loop immediately terminates (as the start address is already higher than the end address). On the x86_64 architecture it will then cause a panic (from the BUG(start >= end) in arch/x86/mm/pat.c:reserve_memtype()). This patch adds an explicit check to make sure offset + size will not wrap around in the physical address type. Signed-off-by: Julius Werner Signed-off-by: Greg Kroah-Hartman

mm: Tighten x86 /dev/mem with zeroing reads

2017-04-22T05:15:02+00:00

commit a4866aa812518ed1a37d8ea0c881dc946409de94 upstream. Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is disallowed. However, on x86, the first 1MB was always allowed for BIOS and similar things, regardless of it actually being System RAM. It was possible for heap to end up getting allocated in low 1MB RAM, and then read by things like x86info or dd, which would trip hardened usercopy: usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes) This changes the x86 exception for the low 1MB by reading back zeros for System RAM areas instead of blindly allowing them. More work is needed to extend this to mmap, but currently mmap doesn't go through usercopy, so hardened usercopy won't Oops the kernel. Reported-by: Tommi Rantala Tested-by: Tommi Rantala Signed-off-by: Kees Cook Cc: Brad Spengler Signed-off-by: Greg Kroah-Hartman

switch /dev/zero and /dev/full to ->read_iter()

2014-10-09T06:39:08+00:00

Signed-off-by: Al Viro

/dev/mem: handle out-of-bounds read/write

2014-02-15T19:51:02+00:00

The loff_t type may be wider than phys_addr_t (e.g. on 32-bit systems). Consequently, the file offset may be truncated in the assignment. Currently, /dev/mem wraps around, which may cause applications to read or write incorrect regions of memory by accident. Let's follow POSIX file semantics here and return 0 when reading from and -EFBIG when writing to an offset that cannot be represented by a phys_addr_t. Note that the conditional is optimized out by the compiler if loff_t has the same size as phys_addr_t. Signed-off-by: Petr Tesarik Signed-off-by: Greg Kroah-Hartman

mm/memblock: remove unnecessary inclusions of bootmem.h

2014-01-22T00:19:46+00:00

Clean-up to remove depedency with bootmem headers. Signed-off-by: Grygorii Strashko Signed-off-by: Santosh Shilimkar Reviewed-by: Tejun Heo Cc: Yinghai Lu Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: "Rafael J. Wysocki" Cc: Christoph Lameter Cc: H. Peter Anvin Cc: Johannes Weiner Cc: KAMEZAWA Hiroyuki Cc: Konrad Rzeszutek Wilk Cc: Michal Hocko Cc: Paul Walmsley Cc: Pavel Machek Cc: Russell King Cc: Tony Lindgren Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

/dev/oldmem: Remove the interface

2013-07-03T23:08:03+00:00

/dev/oldmem provides the interface for us to access the "old memory" in the dump-capture kernel. Unfortunately, no one actually uses this interface. And this interface could actually cause some real problems if used on ia64 where the cached/uncached accesses are mixed. See the discussion from the link: https://lkml.org/lkml/2013/4/12/386. So Eric suggested that we should remove /dev/oldmem as an unused piece of code. [akpm@linux-foundation.org: mention /dev/oldmem obsolescence in devices.txt] Suggested-by: "Eric W. Biederman" Signed-off-by: Zhang Yanfei Cc: Vivek Goyal Cc: Dave Hansen Cc: "H. Peter Anvin" Cc: "H. Peter Anvin" Cc: Benjamin Herrenschmidt Cc: Fenghua Yu Cc: Heiko Carstens Cc: Martin Schwidefsky Cc: Matt Fleming Cc: Michael Holzheu Cc: Paul Mackerras Cc: Ralf Baechle Cc: Tony Luck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

drivers: char: mem: use IS_ERR_VALUE() in memory_lseek()

2013-06-06T19:54:08+00:00

Use IS_ERR_VALUE() instead of comparing the new offset to a hard-coded value of -MAX_ERRNO (which is also off-by-one due to the use of ~ instead of -). Signed-off-by: Rasmus Villemoes Signed-off-by: Greg Kroah-Hartman

aio: don't include aio.h in sched.h

2013-05-08T03:16:25+00:00

Faster kernel compiles by way of fewer unnecessary includes. [akpm@linux-foundation.org: fix fallout] [akpm@linux-foundation.org: fix build] Signed-off-by: Kent Overstreet Cc: Zach Brown Cc: Felipe Balbi Cc: Greg Kroah-Hartman Cc: Mark Fasheh Cc: Joel Becker Cc: Rusty Russell Cc: Jens Axboe Cc: Asai Thambi S P Cc: Selvan Mani Cc: Sam Bradshaw Cc: Jeff Moyer Cc: Al Viro Cc: Benjamin LaHaise Reviewed-by: "Theodore Ts'o" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

char: add aio_{read,write} to /dev/{null,zero}

2013-05-08T01:38:28+00:00

These are handy for measuring the cost of the aio infrastructure with operations that do very little and complete immediately. Signed-off-by: Zach Brown Signed-off-by: Kent Overstreet Cc: Felipe Balbi Cc: Greg Kroah-Hartman Cc: Mark Fasheh Cc: Joel Becker Cc: Rusty Russell Cc: Jens Axboe Cc: Asai Thambi S P Cc: Selvan Mani Cc: Sam Bradshaw Acked-by: Jeff Moyer Cc: Al Viro Cc: Benjamin LaHaise Reviewed-by: "Theodore Ts'o" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds