]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c189994)
mm/mprotect: fix do_mprotect_pkey() limit check
authorLiam R. Howlett <Liam.Howlett@oracle.com>
Tue, 6 Jun 2023 18:29:12 +0000 (14:29 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 28 Jun 2023 09:14:05 +0000 (11:14 +0200)
commit 77795f900e2a07c1cbedc375789aefb43843b6c2 upstream.

The return of do_mprotect_pkey() can still be incorrectly returned as
success if there is a gap that spans to or beyond the end address passed
in.  Update the check to ensure that the end address has indeed been seen.

Link: https://lore.kernel.org/all/CABi2SkXjN+5iFoBhxk71t3cmunTk-s=rB4T7qo0UQRh17s49PQ@mail.gmail.com/
Link: https://lkml.kernel.org/r/20230606182912.586576-1-Liam.Howlett@oracle.com
Fixes: 82f951340f25 ("mm/mprotect: fix do_mprotect_pkey() return on error")
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Reported-by: Jeff Xu <jeffxu@chromium.org>
Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mm/mprotect.c patch | blob | blame | history

diff --git a/mm/mprotect.c b/mm/mprotect.c
index 36351a00c0e82de1508575f152b816c4d40cf66c..498de2c2f2c4fcca0f4bc7845d7e1af9dbc3534d 100644 (file)
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -838,7 +838,7 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
        }
        tlb_finish_mmu(&tlb);
 
-       if (!error && vma_iter_end(&vmi) < end)
+       if (!error && tmp < end)
                error = -ENOMEM;
 
 out:
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git