From 418f826c2ccaab87e38de33985f512c97436fd37 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Mon, 17 Jun 2019 20:25:56 +0200 Subject: [PATCH] kernel: Fix MIPS bounds check virt_addr_valid This is pending to get into the upstream kernel. This fixes a bug in the upstream kernel which was added to stable some time ago. Signed-off-by: Hauke Mehrtens --- ...IPS-Fix-bounds-check-virt_addr_valid.patch | 33 +++++++++++++++++++ ...IPS-Fix-bounds-check-virt_addr_valid.patch | 33 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch create mode 100644 target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch diff --git a/target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch b/target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch new file mode 100644 index 0000000000..d4c3e66105 --- /dev/null +++ b/target/linux/generic/pending-4.14/303-MIPS-Fix-bounds-check-virt_addr_valid.patch @@ -0,0 +1,33 @@ +From 415e0feec4f927af0059f72a6831f6c5a104f0fc Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Mon, 17 Jun 2019 00:13:08 +0200 +Subject: [PATCH] MIPS: Fix bounds check virt_addr_valid + +The bounds check used the uninitialized variable vaddr, it should use +the given parameter kaddr instead. When using the uninitialized value +the compiler assumed it to be 0 and optimized this function to just +return 0 in all cases. + +This should make the function check the range of the given address and +only do the page map check in case it is in the expected range of +virtual addresses. + +Fixes: 074a1e1167af ("MIPS: Bounds check virt_addr_valid") +Cc: stable@vger.kernel.org # v4.12+ +Cc: Paul Burton +Signed-off-by: Hauke Mehrtens +--- + arch/mips/mm/mmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/mm/mmap.c ++++ b/arch/mips/mm/mmap.c +@@ -203,7 +203,7 @@ unsigned long arch_randomize_brk(struct + + int __virt_addr_valid(const volatile void *kaddr) + { +- unsigned long vaddr = (unsigned long)vaddr; ++ unsigned long vaddr = (unsigned long)kaddr; + + if ((vaddr < PAGE_OFFSET) || (vaddr >= MAP_BASE)) + return 0; diff --git a/target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch b/target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch new file mode 100644 index 0000000000..d4c3e66105 --- /dev/null +++ b/target/linux/generic/pending-4.19/303-MIPS-Fix-bounds-check-virt_addr_valid.patch @@ -0,0 +1,33 @@ +From 415e0feec4f927af0059f72a6831f6c5a104f0fc Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Mon, 17 Jun 2019 00:13:08 +0200 +Subject: [PATCH] MIPS: Fix bounds check virt_addr_valid + +The bounds check used the uninitialized variable vaddr, it should use +the given parameter kaddr instead. When using the uninitialized value +the compiler assumed it to be 0 and optimized this function to just +return 0 in all cases. + +This should make the function check the range of the given address and +only do the page map check in case it is in the expected range of +virtual addresses. + +Fixes: 074a1e1167af ("MIPS: Bounds check virt_addr_valid") +Cc: stable@vger.kernel.org # v4.12+ +Cc: Paul Burton +Signed-off-by: Hauke Mehrtens +--- + arch/mips/mm/mmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/mm/mmap.c ++++ b/arch/mips/mm/mmap.c +@@ -203,7 +203,7 @@ unsigned long arch_randomize_brk(struct + + int __virt_addr_valid(const volatile void *kaddr) + { +- unsigned long vaddr = (unsigned long)vaddr; ++ unsigned long vaddr = (unsigned long)kaddr; + + if ((vaddr < PAGE_OFFSET) || (vaddr >= MAP_BASE)) + return 0; -- 2.30.2