Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=128b8546a83a9e37448bc126e1045dc1db291165 Commit: 128b8546a83a9e37448bc126e1045dc1db291165 Parent: 2eb1b12049844a8ebc670e0e4fc908bc3f8933d3 Author: Masato Noguchi <[EMAIL PROTECTED]> AuthorDate: Tue Feb 13 21:54:30 2007 +0100 Committer: Arnd Bergmann <[EMAIL PROTECTED]> CommitDate: Tue Feb 13 21:55:43 2007 +0100
[POWERPC] spufs: avoid accessing kernel memory through mmapped /mem node I found an exploit in current kernel. Currently, there is no range check about mmapping "/mem" node in spufs. Thus, an application can access privilege memory region. In case this kernel already worked on a public server, I send this information only here. If there are such servers in somewhere, please replace it, ASAP. Signed-off-by: Masato Noguchi <[EMAIL PROTECTED]> Signed-off-by: Arnd Bergmann <[EMAIL PROTECTED]> --- arch/powerpc/platforms/cell/spufs/file.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c index c729813..b00653d 100644 --- a/arch/powerpc/platforms/cell/spufs/file.c +++ b/arch/powerpc/platforms/cell/spufs/file.c @@ -103,6 +103,9 @@ static unsigned long spufs_mem_mmap_nopfn(struct vm_area_struct *vma, offset += vma->vm_pgoff << PAGE_SHIFT; + if (offset >= LS_SIZE) + return NOPFN_SIGBUS; + spu_acquire(ctx); if (ctx->state == SPU_STATE_SAVED) { - To unsubscribe from this list: send the line "unsubscribe git-commits-head" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html