aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke@hauke-m.de>2019-06-17 20:25:56 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2019-07-07 17:35:23 +0200
commit418f826c2ccaab87e38de33985f512c97436fd37 (patch)
tree894d6d37329c8e07bc9a72d3519704b1ba540b29 /target/linux
parentd5a38725f84f52618a7c4cb17e8bfac40a17854a (diff)
downloadupstream-418f826c2ccaab87e38de33985f512c97436fd37.tar.gz
upstream-418f826c2ccaab87e38de33985f512c97436fd37.tar.bz2
upstream-418f826c2ccaab87e38de33985f512c97436fd37.zip
kernel: Fix MIPS bounds check virt_addr_valid
This is pending to get into the upstream kernel. This fixes a bug in the upstream kernel which was added to stable some time ago. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'target/linux')
-rw-r--r--target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch33
-rw-r--r--target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch33
2 files changed, 66 insertions, 0 deletions
diff --git a/target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch b/target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch
new file mode 100644
index 0000000000..d4c3e66105
--- /dev/null
+++ b/target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch
@@ -0,0 +1,33 @@
+From 415e0feec4f927af0059f72a6831f6c5a104f0fc Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens <hauke@hauke-m.de>
+Date: Mon, 17 Jun 2019 00:13:08 +0200
+Subject: [PATCH] MIPS: Fix bounds check virt_addr_valid
+
+The bounds check used the uninitialized variable vaddr, it should use
+the given parameter kaddr instead. When using the uninitialized value
+the compiler assumed it to be 0 and optimized this function to just
+return 0 in all cases.
+
+This should make the function check the range of the given address and
+only do the page map check in case it is in the expected range of
+virtual addresses.
+
+Fixes: 074a1e1167af ("MIPS: Bounds check virt_addr_valid")
+Cc: stable@vger.kernel.org # v4.12+
+Cc: Paul Burton <paul.burton@mips.com>
+Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
+---
+ arch/mips/mm/mmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/mm/mmap.c
++++ b/arch/mips/mm/mmap.c
+@@ -203,7 +203,7 @@ unsigned long arch_randomize_brk(struct
+
+ int __virt_addr_valid(const volatile void *kaddr)
+ {
+- unsigned long vaddr = (unsigned long)vaddr;
++ unsigned long vaddr = (unsigned long)kaddr;
+
+ if ((vaddr < PAGE_OFFSET) || (vaddr >= MAP_BASE))
+ return 0;
diff --git a/target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch b/target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch
new file mode 100644
index 0000000000..d4c3e66105
--- /dev/null
+++ b/target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch
@@ -0,0 +1,33 @@
+From 415e0feec4f927af0059f72a6831f6c5a104f0fc Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens <hauke@hauke-m.de>
+Date: Mon, 17 Jun 2019 00:13:08 +0200
+Subject: [PATCH] MIPS: Fix bounds check virt_addr_valid
+
+The bounds check used the uninitialized variable vaddr, it should use
+the given parameter kaddr instead. When using the uninitialized value
+the compiler assumed it to be 0 and optimized this function to just
+return 0 in all cases.
+
+This should make the function check the range of the given address and
+only do the page map check in case it is in the expected range of
+virtual addresses.
+
+Fixes: 074a1e1167af ("MIPS: Bounds check virt_addr_valid")
+Cc: stable@vger.kernel.org # v4.12+
+Cc: Paul Burton <paul.burton@mips.com>
+Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
+---
+ arch/mips/mm/mmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/mm/mmap.c
++++ b/arch/mips/mm/mmap.c
+@@ -203,7 +203,7 @@ unsigned long arch_randomize_brk(struct
+
+ int __virt_addr_valid(const volatile void *kaddr)
+ {
+- unsigned long vaddr = (unsigned long)vaddr;
++ unsigned long vaddr = (unsigned long)kaddr;
+
+ if ((vaddr < PAGE_OFFSET) || (vaddr >= MAP_BASE))
+ return 0;