Commit:     128b8546a83a9e37448bc126e1045dc1db291165
Parent:     2eb1b12049844a8ebc670e0e4fc908bc3f8933d3
Author:     Masato Noguchi <[EMAIL PROTECTED]>
AuthorDate: Tue Feb 13 21:54:30 2007 +0100
Committer:  Arnd Bergmann <[EMAIL PROTECTED]>
CommitDate: Tue Feb 13 21:55:43 2007 +0100

    [POWERPC] spufs: avoid accessing kernel memory through mmapped /mem node
    I found an exploit in current kernel.
    Currently, there is no range check about mmapping "/mem" node in
    spufs. Thus, an application can access privilege memory region.
    In case this kernel already worked on a public server, I send this
    information only here.
    If there are such servers in somewhere, please replace it, ASAP.
    Signed-off-by: Masato Noguchi <[EMAIL PROTECTED]>
    Signed-off-by: Arnd Bergmann <[EMAIL PROTECTED]>
 arch/powerpc/platforms/cell/spufs/file.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/arch/powerpc/platforms/cell/spufs/file.c 
index c729813..b00653d 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -103,6 +103,9 @@ static unsigned long spufs_mem_mmap_nopfn(struct 
vm_area_struct *vma,
        offset += vma->vm_pgoff << PAGE_SHIFT;
+       if (offset >= LS_SIZE)
+               return NOPFN_SIGBUS;
        if (ctx->state == SPU_STATE_SAVED) {
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to