[PATCH] uio: fix vma io range check in mmap

From: Bin Wang
Date: Tue Mar 25 2014 - 01:52:25 EST

Next message: Takao Indoh: "Re: ftrace/kprobes: Warning when insmod two modules"
Previous message: Shahed Shaikh: "RE: [PATCH net-next 4/7] qlcnic: Remove casts of pointer to same type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

the vma range size is always page size aligned in mmap, while the
real io space range may not be page aligned, thus leading to range
check failure in the uio_mmap_physical().

for example, in a case of io range size "mem->size == 1KB", and we
have (vma->vm_end - vma->vm_start) == 4KB, due to "len" is aligned
to page size in do_mmap_pgoff().

now fix this issue by align mem->size to page size in the check.

Signed-off-by: Bin Wang <binw@xxxxxxxxxxx>
---
drivers/uio/uio.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index a673e5b..e371f5a 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -655,7 +655,7 @@ static int uio_mmap_physical(struct vm_area_struct *vma)

if (mem->addr & ~PAGE_MASK)
return -ENODEV;
- if (vma->vm_end - vma->vm_start > mem->size)
+ if (vma->vm_end - vma->vm_start > PAGE_ALIGN(mem->size))
return -EINVAL;

vma->vm_ops = &uio_physical_vm_ops;
--
1.7.0.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Takao Indoh: "Re: ftrace/kprobes: Warning when insmod two modules"
Previous message: Shahed Shaikh: "RE: [PATCH net-next 4/7] qlcnic: Remove casts of pointer to same type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]