sanchayanmaity/minix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ARM: kernel: fix sanity check for copying

Browse source 
. phys_copy() (taken from memcpy) can legitimately
	  cause pagefaults below the source/dest address due
	  to word-alignment

Change-Id: Ibee8f069781d16caea671246c021fb17a2a892b1
This commit is contained in:
Ben Gras 2013-02-20 20:29:09 +01:00
parent 7a07b58aa8
commit 2aa82a9c7b
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
kernel/arch/earm/memory.c
View file

@ -196,12 +196,19 @@ static int lin_lin_copy(struct proc *srcproc, vir_bytes srclinaddr,
PHYS_COPY_CATCH(srcptr, dstptr, chunk, addr);
if(addr) {
/* If addr is nonzero, a page fault was caught. */
/* If addr is nonzero, a page fault was caught.
*
* phys_copy does all memory accesses word-aligned (rounded
* down), so pagefaults can occur at a lower address than
* the specified offsets. compute the lower bounds for sanity
* check use.
*/
vir_bytes src_aligned = srcptr & ~0x3, dst_aligned = dstptr & ~0x3;
if(addr >= srcptr && addr < (srcptr + chunk)) {
if(addr >= src_aligned && addr < (srcptr + chunk)) {
return EFAULT_SRC;
}
if(addr >= dstptr && addr < (dstptr + chunk)) {
if(addr >= dst_aligned && addr < (dstptr + chunk)) {
return EFAULT_DST;
}