From: Ben Gras Date: Wed, 20 Feb 2013 19:29:09 +0000 (+0100) Subject: ARM: kernel: fix sanity check for copying X-Git-Tag: v3.3.0~1139 X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/expt.png?a=commitdiff_plain;h=2aa82a9c7ba80ca1eb07b0db118e2316581baa92;p=minix.git ARM: kernel: fix sanity check for copying . phys_copy() (taken from memcpy) can legitimately cause pagefaults below the source/dest address due to word-alignment Change-Id: Ibee8f069781d16caea671246c021fb17a2a892b1 --- diff --git a/kernel/arch/earm/memory.c b/kernel/arch/earm/memory.c index f31a1bf4e..e3ebedd2d 100644 --- a/kernel/arch/earm/memory.c +++ b/kernel/arch/earm/memory.c @@ -196,12 +196,19 @@ static int lin_lin_copy(struct proc *srcproc, vir_bytes srclinaddr, PHYS_COPY_CATCH(srcptr, dstptr, chunk, addr); if(addr) { - /* If addr is nonzero, a page fault was caught. */ - - if(addr >= srcptr && addr < (srcptr + chunk)) { + /* If addr is nonzero, a page fault was caught. + * + * phys_copy does all memory accesses word-aligned (rounded + * down), so pagefaults can occur at a lower address than + * the specified offsets. compute the lower bounds for sanity + * check use. + */ + vir_bytes src_aligned = srcptr & ~0x3, dst_aligned = dstptr & ~0x3; + + if(addr >= src_aligned && addr < (srcptr + chunk)) { return EFAULT_SRC; } - if(addr >= dstptr && addr < (dstptr + chunk)) { + if(addr >= dst_aligned && addr < (dstptr + chunk)) { return EFAULT_DST; }
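Review bot: the `~0x3` mask in the new `src_aligned` / `dst_aligned` declaration hard-codes phys_copy's access width as a bare literal, so this sanity check and the copy routine can drift apart silently if phys_copy ever switches to wider aligned accesses. Consider a named constant defined next to phys_copy, or at least `~(vir_bytes)0x3` so the mask is built in the operand's type rather than as an int, and declare the two variables on separate lines. Only the lower bounds are widened: the upper bounds remain `srcptr + chunk` and `dstptr + chunk`, and the new comment covers rounding down only, so it should also say whether the last word access can extend past the end of the range, and if it can, those bounds need the matching round-up. With the lower bounds widened, a destination range that starts within three bytes of the end of the source range would have its rounded-down fault address matched by the source test first and returned as `EFAULT_SRC`; a one-line note on why the two ranges cannot be that close would settle it.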