    x86/mm: Limit mmap() of /dev/mem to valid physical addresses · ce56a86e
    Craig Bergstrom authored
    Currently, it is possible to mmap() any offset from /dev/mem.  If a
    program mmaps() /dev/mem offsets outside of the addressable limits
    of a system, the page table can be corrupted by setting reserved bits.
    
    For example, if you mmap() offset 0x0001000000000000 of /dev/mem on an
    x86_64 system with a 48-bit bus, the page fault handler will be called
    with error_code set to RSVD.  The kernel then crashes with a page table
    corruption error.
    
    This change prevents this page table corruption on x86 by refusing
    to mmap offsets higher than the highest valid address in the system.
    
    Signed-off-by: Craig Bergstrom <craigb@google.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Brian Gerst <brgerst@gmail.com>
    Cc: Denys Vlasenko <dvlasenk@redhat.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Luis R. Rodriguez <mcgrof@suse.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Toshi Kani <toshi.kani@hp.com>
    Cc: dsafonov@virtuozzo.com
    Cc: kirill.shutemov@linux.intel.com
    Cc: mhocko@suse.com
    Cc: oleg@redhat.com
    Link: http://lkml.kernel.org/r/20171019192856.39672-1-craigb@google.com
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
mmap.c 4.86 KB
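
The bounds check the commit message describes, as an added C example (not the kernel code from this commit): it rejects a /dev/mem range that reaches past the highest valid physical address and shows which reserved page-table bits the message's example offset would set. The function names are hypothetical, and the 48-bit width and offset are taken from the message's example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; names are hypothetical, not kernel symbols. */

/* x86_64 page-table entries hold the physical address in bits 12..51. */
#define PTE_ADDR_FIELD 0x000FFFFFFFFFF000ULL

/* First invalid physical address for a bus of phys_bits (assumed 12..52). */
static uint64_t phys_limit(unsigned phys_bits)
{
    return 1ULL << phys_bits;
}

/* Address-field bits at or above phys_bits are reserved and must be zero. */
static uint64_t pte_reserved_mask(unsigned phys_bits)
{
    return PTE_ADDR_FIELD & ~(phys_limit(phys_bits) - 1);
}

/* Reserved bits a mapping of physical address addr would set in its PTE. */
static uint64_t pte_reserved_bits_set(uint64_t addr, unsigned phys_bits)
{
    return addr & pte_reserved_mask(phys_bits);
}

/* 1 if [addr, addr + len) lies below the limit; written so that
 * addr + len is never computed and cannot wrap around. */
static int mmap_phys_range_ok(uint64_t addr, uint64_t len, unsigned phys_bits)
{
    uint64_t limit = phys_limit(phys_bits);

    if (addr >= limit)
        return 0;
    return len <= limit - addr;
}

int main(void)
{
    const unsigned bits = 48;                   /* bus width from the message */
    const uint64_t off = 0x0001000000000000ULL; /* offset from the message */

    printf("reserved mask: %#018llx\n",
           (unsigned long long)pte_reserved_mask(bits));
    printf("offset sets:   %#018llx\n",
           (unsigned long long)pte_reserved_bits_set(off, bits));
    printf("range allowed: %d\n", mmap_phys_range_ok(off, 4096, bits));
    return 0;
}
```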