diff options
author | Mark Rutland <mark.rutland@arm.com> | 2015-03-04 13:27:35 +0000 |
---|---|---|
committer | Will Deacon <will.deacon@arm.com> | 2015-03-19 10:43:57 +0000 |
commit | b63dbef93f91d56cb4385fdd8d1765201d451136 (patch) | |
tree | f984f35a54b63029f2e8e5598a46adff3a726010 /arch/arm64/mm/mmu.c | |
parent | 19fc577579c86fec6e2523baeb457b02e939796f (diff) | |
download | op-kernel-dev-b63dbef93f91d56cb4385fdd8d1765201d451136.zip op-kernel-dev-b63dbef93f91d56cb4385fdd8d1765201d451136.tar.gz |
arm64: fixmap: check idx is definitely valid
Fixmap indices are in the interval (FIX_HOLE, __end_of_fixed_addresses),
but in __set_fixmap we only check idx <= __end_of_fixed_addresses, and
therefore indices <= FIX_HOLE are erroneously accepted. If called with
such an idx, __set_fixmap may corrupt page tables outside of the fixmap
region.
This patch ensures that we validate the idx against both endpoints of
the interval.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Diffstat (limited to 'arch/arm64/mm/mmu.c')
-rw-r--r-- | arch/arm64/mm/mmu.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index c6daaf6..c9267ac 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -627,10 +627,7 @@ void __set_fixmap(enum fixed_addresses idx, unsigned long addr = __fix_to_virt(idx); pte_t *pte; - if (idx >= __end_of_fixed_addresses) { - BUG(); - return; - } + BUG_ON(idx <= FIX_HOLE || idx >= __end_of_fixed_addresses); pte = fixmap_pte(addr); |