From: David van Moolenbroek Date: Tue, 29 Dec 2015 15:58:24 +0000 (+0000) Subject: Kernel: apply x86 copy overflow check to ARM X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/zlib_tech.html?a=commitdiff_plain;h=59f1f7ecdd212fe00e1859dc950db6397e96abad;p=minix.git Kernel: apply x86 copy overflow check to ARM Apply the x86 overflow check from git-d09f72c to ARM code as well. Not just stack traces, but also system services can trigger this case, possibly as a result of being handed bad pointers by userland, ending in a kernel panic. Change-Id: Ib817e8b682fafec8edb486a094319ad11eda7081 --- diff --git a/minix/kernel/arch/earm/memory.c b/minix/kernel/arch/earm/memory.c index 5f675cc0a..d56d42a69 100644 --- a/minix/kernel/arch/earm/memory.c +++ b/minix/kernel/arch/earm/memory.c @@ -193,9 +193,13 @@ static int lin_lin_copy(struct proc *srcproc, vir_bytes srclinaddr, /* Set up 1MB ranges. */ srcptr = createpde(srcproc, srclinaddr, &chunk, 0, &changed); dstptr = createpde(dstproc, dstlinaddr, &chunk, 1, &changed); - if(changed) { + if(changed) reload_ttbr0(); - } + + /* Check for overflow. */ + if (srcptr + chunk < srcptr) return EFAULT_SRC; + if (dstptr + chunk < dstptr) return EFAULT_DST; + /* Copy pages. */ PHYS_COPY_CATCH(srcptr, dstptr, chunk, addr);
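Review bot: The two wraparound tests added just before PHYS_COPY_CATCH (`srcptr + chunk < srcptr` and `dstptr + chunk < dstptr`) are only well-defined if srcptr and dstptr are unsigned integer types, and their declarations are outside this hunk, so that is worth confirming. If either is a pointer type, overflowing the addition is undefined behaviour in C and the compiler may drop the comparison; comparing chunk against the room left below the type's maximum value avoids relying on wraparound. The comment "Check for overflow." could also carry the reason from the commit message, namely that system services handed bad pointers by userland can reach this path and would otherwise end in a kernel panic. Both early returns sit after createpde() and reload_ttbr0() have run, so it is worth checking that returning EFAULT_SRC or EFAULT_DST at this point leaves nothing to undo. The brace removal on `if(changed)` is a style change unrelated to the fix and could be left out of this commit.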