[thirdparty/kernel/stable-queue.git] / releases / 4.19.45 / arm64-mmap-ensure-file-offset-is-treated-as-unsigned.patch

From f08cae2f28db24d95be5204046b60618d8de4ddc Mon Sep 17 00:00:00 2001
From: Boyang Zhou <zhouby_cn@126.com>
Date: Mon, 29 Apr 2019 15:27:19 +0100
Subject: arm64: mmap: Ensure file offset is treated as unsigned

From: Boyang Zhou <zhouby_cn@126.com>

commit f08cae2f28db24d95be5204046b60618d8de4ddc upstream.

The file offset argument to the arm64 sys_mmap() implementation is
scaled from bytes to pages by shifting right by PAGE_SHIFT.
Unfortunately, the offset is passed in as a signed 'off_t' type and
therefore large offsets (i.e. with the top bit set) are incorrectly
sign-extended by the shift. This has been observed to cause false mmap()
failures when mapping GPU doorbells on an arm64 server part.

Change the type of the file offset argument to sys_mmap() from 'off_t'
to 'unsigned long' so that the shifting scales the value as expected.

Cc: <stable@vger.kernel.org>
Signed-off-by: Boyang Zhou <zhouby_cn@126.com>
[will: rewrote commit message]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/sys.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/kernel/sys.c
+++ b/arch/arm64/kernel/sys.c
@@ -31,7 +31,7 @@
 
 SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
 		unsigned long, prot, unsigned long, flags,
-		unsigned long, fd, off_t, off)
+		unsigned long, fd, unsigned long, off)
 {
 	if (offset_in_page(off) != 0)
 		return -EINVAL;
Commit	Line	Data
a4b7cc35 GKH	1	From f08cae2f28db24d95be5204046b60618d8de4ddc Mon Sep 17 00:00:00 2001
	2	From: Boyang Zhou <zhouby_cn@126.com>
	3	Date: Mon, 29 Apr 2019 15:27:19 +0100
	4	Subject: arm64: mmap: Ensure file offset is treated as unsigned
	5
	6	From: Boyang Zhou <zhouby_cn@126.com>
	7
	8	commit f08cae2f28db24d95be5204046b60618d8de4ddc upstream.
	9
	10	The file offset argument to the arm64 sys_mmap() implementation is
	11	scaled from bytes to pages by shifting right by PAGE_SHIFT.
	12	Unfortunately, the offset is passed in as a signed 'off_t' type and
	13	therefore large offsets (i.e. with the top bit set) are incorrectly
	14	sign-extended by the shift. This has been observed to cause false mmap()
	15	failures when mapping GPU doorbells on an arm64 server part.
	16
	17	Change the type of the file offset argument to sys_mmap() from 'off_t'
	18	to 'unsigned long' so that the shifting scales the value as expected.
	19
	20	Cc: <stable@vger.kernel.org>
	21	Signed-off-by: Boyang Zhou <zhouby_cn@126.com>
	22	[will: rewrote commit message]
	23	Signed-off-by: Will Deacon <will.deacon@arm.com>
	24	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	25
	26	---
	27	arch/arm64/kernel/sys.c \| 2 +-
	28	1 file changed, 1 insertion(+), 1 deletion(-)
	29
	30	--- a/arch/arm64/kernel/sys.c
	31	+++ b/arch/arm64/kernel/sys.c
	32	@@ -31,7 +31,7 @@
	33
	34	SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
	35	unsigned long, prot, unsigned long, flags,
	36	- unsigned long, fd, off_t, off)
	37	+ unsigned long, fd, unsigned long, off)
	38	{
	39	if (offset_in_page(off) != 0)
	40	return -EINVAL;