From: David van Moolenbroek <david@minix3.org>
Date: Tue, 29 Dec 2015 15:58:24 +0000 (+0000)
Subject: Kernel: apply x86 copy overflow check to ARM
X-Git-Url: http://zhaoyanbai.com/repos/?a=commitdiff_plain;h=59f1f7ecdd212fe00e1859dc950db6397e96abad;p=minix.git

Kernel: apply x86 copy overflow check to ARM

Apply the x86 overflow check from git-d09f72c to ARM code as well.
Not just stack traces, but also system services can trigger this
case, possibly as a result of being handed bad pointers by userland,
ending in a kernel panic.

Change-Id: Ib817e8b682fafec8edb486a094319ad11eda7081
---

diff --git a/minix/kernel/arch/earm/memory.c b/minix/kernel/arch/earm/memory.c
index 5f675cc0a..d56d42a69 100644
--- a/minix/kernel/arch/earm/memory.c
+++ b/minix/kernel/arch/earm/memory.c
@@ -193,9 +193,13 @@ static int lin_lin_copy(struct proc *srcproc, vir_bytes srclinaddr,
 		/* Set up 1MB ranges. */
 		srcptr = createpde(srcproc, srclinaddr, &chunk, 0, &changed);
 		dstptr = createpde(dstproc, dstlinaddr, &chunk, 1, &changed);
-		if(changed) {
+		if(changed)
 			reload_ttbr0();
-		}
+
+		/* Check for overflow. */
+		if (srcptr + chunk < srcptr) return EFAULT_SRC;
+		if (dstptr + chunk < dstptr) return EFAULT_DST;
+
 		/* Copy pages. */
 		PHYS_COPY_CATCH(srcptr, dstptr, chunk, addr);