Skip to content

Commit

Permalink
s390/gup: add missing TASK_SIZE check to get_user_pages_fast()
Browse files Browse the repository at this point in the history 
When walking page tables we need to make sure that everything
is within bounds of the ASCE limit of the task's address space.
Otherwise we might calculate e.g. a pud pointer which is not
within a pud and dereference it.
So check against TASK_SIZE (which is the ASCE limit) before
walking page tables.

Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
  • Loading branch information
Heiko Carstens authored and Martin Schwidefsky committed Nov 13, 2012
1 parent 658e5ce commit d55c4c6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion arch/s390/mm/gup.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
addr = start;
len = (unsigned long) nr_pages << PAGE_SHIFT;
end = start + len;
if (end < start)
if ((end < start) || (end > TASK_SIZE))
goto slow_irqon;

/*
Expand Down

0 comments on commit d55c4c6

Please sign in to comment.