Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/uvm mmap(2): Prohibit overflowing offsets for non-D_NEGO...
details: https://anonhg.NetBSD.org/src/rev/40678a0ffd73
branches: trunk
changeset: 368342:40678a0ffd73
user: riastradh <riastradh%NetBSD.org@localhost>
date: Wed Jul 06 01:13:30 2022 +0000
description:
mmap(2): Prohibit overflowing offsets for non-D_NEGOFFSAFE devices.
Reported-by: syzbot+d5a96e7a0ebbd0b76dfc%syzkaller.appspotmail.com@localhost
diffstat:
sys/uvm/uvm_device.c | 19 ++++++++++++-------
1 files changed, 12 insertions(+), 7 deletions(-)
diffs (41 lines):
diff -r 20bfc7300989 -r 40678a0ffd73 sys/uvm/uvm_device.c
--- a/sys/uvm/uvm_device.c Wed Jul 06 01:13:17 2022 +0000
+++ b/sys/uvm/uvm_device.c Wed Jul 06 01:13:30 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_device.c,v 1.74 2022/07/06 01:12:46 riastradh Exp $ */
+/* $NetBSD: uvm_device.c,v 1.75 2022/07/06 01:13:30 riastradh Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_device.c,v 1.74 2022/07/06 01:12:46 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_device.c,v 1.75 2022/07/06 01:13:30 riastradh Exp $");
#include "opt_uvmhist.h"
@@ -133,12 +133,17 @@
}
/*
- * Negative offsets on the object are not allowed.
+ * Negative offsets on the object are not allowed, unless the
+ * device has affirmatively set D_NEGOFFSAFE.
*/
-
- if ((cdev->d_flag & D_NEGOFFSAFE) == 0 &&
- off != UVM_UNKNOWN_OFFSET && off < 0)
- return(NULL);
+ if ((cdev->d_flag & D_NEGOFFSAFE) == 0 && off != UVM_UNKNOWN_OFFSET) {
+ if (off < 0)
+ return NULL;
+ if (size > __type_max(voff_t))
+ return NULL;
+ if (off > __type_max(voff_t) - size)
+ return NULL;
+ }
/*
* Check that the specified range of the device allows the
Home |
Main Index |
Thread Index |
Old Index