Skip to content

Commit

Permalink
[POWERPC] spufs: avoid accessing kernel memory through mmapped /mem node
Browse files Browse the repository at this point in the history 
I found an exploit in current kernel.
Currently, there is no range check about mmapping "/mem" node in
spufs. Thus, an application can access privilege memory region.

In case this kernel already worked on a public server, I send this
information only here.
If there are such servers in somewhere, please replace it, ASAP.

Signed-off-by: Masato Noguchi <Masato.Noguchi@jp.sony.com>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
  • Loading branch information
Masato Noguchi authored and Arnd Bergmann committed Feb 13, 2007
1 parent 2eb1b12 commit 128b854
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions arch/powerpc/platforms/cell/spufs/file.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,9 @@ static unsigned long spufs_mem_mmap_nopfn(struct vm_area_struct *vma,

offset += vma->vm_pgoff << PAGE_SHIFT;

if (offset >= LS_SIZE)
return NOPFN_SIGBUS;

spu_acquire(ctx);

if (ctx->state == SPU_STATE_SAVED) {
Expand Down

0 comments on commit 128b854

Please sign in to comment.