]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1e092c3) | patch
mm/usercopy: Detect vmalloc overruns
authorMatthew Wilcox (Oracle) <willy@infradead.org>
Mon, 10 Jan 2022 23:15:28 +0000 (23:15 +0000)
committerKees Cook <keescook@chromium.org>
Wed, 13 Apr 2022 19:15:51 +0000 (12:15 -0700)
commit8c5276ad8b233b3120445fac2cf140ded65590ca
tree5e358ea58cd25805b0b588bdbe198fb9d28e6733tree | snapshot
parent1e092c3af5cc9ec29a4fb77e9869eff65e1f190fcommit | diff
mm/usercopy: Detect vmalloc overruns

If you have a vmalloc() allocation, or an address from calling vmap(),
you cannot overrun the vm_area which describes it, regardless of the
size of the underlying allocation.  This probably doesn't do much for
security because vmalloc comes with guard pages these days, but it
prevents usercopy aborts when copying to a vmap() of smaller pages.

Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220110231530.665970-3-willy@infradead.org
mm/usercopy.c diff | blob | history
Linux Kernel Source Tree.