Commit 128b8546, author: Masato Noguchi, committer: Arnd Bergmann

[POWERPC] spufs: avoid accessing kernel memory through mmapped /mem node

I found an exploit in the current kernel.
Currently, there is no range check on mmapping the "/mem" node in
spufs. Thus, an application can access a privileged memory region.

In case this kernel already works on a public server, I am sending this
information only here.
If there are such servers somewhere, please replace it ASAP.

Signed-off-by: Masato Noguchi <Masato.Noguchi@jp.sony.com>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Parent 2eb1b120
......@@ -103,6 +103,9 @@ static unsigned long spufs_mem_mmap_nopfn(struct vm_area_struct *vma,
offset += vma->vm_pgoff << PAGE_SHIFT;
if (offset >= LS_SIZE)
return NOPFN_SIGBUS;
spu_acquire(ctx);
if (ctx->state == SPU_STATE_SAVED) {
......
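
Review bot: the `if (offset >= LS_SIZE)` test ahead of `spu_acquire(ctx)` carries no comment saying that it is the bound that keeps a "/mem" mapping inside the local store, so a later refactor of this fault path could drop it without noticing; a one-line comment above the check would document that. Returning `NOPFN_SIGBUS` before `spu_acquire(ctx)` is the right order, since nothing has to be released on that path. Two things are worth confirming outside the visible lines: that `offset` is declared unsigned and that `vma->vm_pgoff << PAGE_SHIFT` cannot wrap, because the comparison only holds under both; and whether the mmap handler for this node also rejects a range that extends past `LS_SIZE`, so that an oversized mapping fails at mmap() time instead of being created and failing with SIGBUS on first touch.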