ARM: kernel: fix sanity check for copying

author Ben Gras <ben@minix3.org>

Wed, 20 Feb 2013 19:29:09 +0000 (20:29 +0100)

committer Ben Gras <ben@minix3.org>

Wed, 20 Feb 2013 19:34:40 +0000 (20:34 +0100)
author Ben Gras <ben@minix3.org>
Wed, 20 Feb 2013 19:29:09 +0000 (20:29 +0100)
committer Ben Gras <ben@minix3.org>
Wed, 20 Feb 2013 19:34:40 +0000 (20:34 +0100)
diff --git a/kernel/arch/earm/memory.c b/kernel/arch/earm/memory.c

index f31a1bf4e725b4d8a0a702a1abac1ddd5fb4c843..e3ebedd2d45596752e630236d0b56c379cba1468 100644 (file)
--- a/kernel/arch/earm/memory.c
+++ b/kernel/arch/earm/memory.c
@@ -196,12 +196,19 @@ static int lin_lin_copy(struct proc *srcproc, vir_bytes srclinaddr,
                 PHYS_COPY_CATCH(srcptr, dstptr, chunk, addr);
  
                 if(addr) {
-                       /* If addr is nonzero, a page fault was caught. */
-
-                       if(addr >= srcptr && addr < (srcptr + chunk)) {
+                       /* If addr is nonzero, a page fault was caught.
+                        *
+                        * phys_copy does all memory accesses word-aligned (rounded
+                        * down), so pagefaults can occur at a lower address than
+                        * the specified offsets. compute the lower bounds for sanity
+                        * check use.
+                        */
+                       vir_bytes src_aligned = srcptr & ~0x3, dst_aligned = dstptr & ~0x3;
+
+                       if(addr >= src_aligned && addr < (srcptr + chunk)) {
                                 return EFAULT_SRC;
                         }
-                       if(addr >= dstptr && addr < (dstptr + chunk)) {
+                       if(addr >= dst_aligned && addr < (dstptr + chunk)) {
                                 return EFAULT_DST;
                         }
author	Ben Gras <ben@minix3.org>
	Wed, 20 Feb 2013 19:29:09 +0000 (20:29 +0100)
committer	Ben Gras <ben@minix3.org>
	Wed, 20 Feb 2013 19:34:40 +0000 (20:34 +0100)