git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Iwona Winiarska <iwona.winiarska@intel.com>
	Tue, 3 Aug 2021 23:48:19 +0000 (01:48 +0200)
committer	Stefan Bader <stefan.bader@canonical.com>
	Fri, 5 Nov 2021 09:17:46 +0000 (10:17 +0100)
commit	dcbad9ff726c1764265449eae2ee0ce6159d9450
tree	77e5903e5a0066d107b03a668e853d01e006e6b7	tree
parent	50b6051ad9aae73a05085d8f283d1968e8ff03d4	commit \| diff

soc: aspeed: p2a-ctrl: Fix boundary check for mmap

BugLink: https://bugs.launchpad.net/bugs/1947781
commit 8b07e990fb254fcbaa919616ac77f981cb48c73d upstream.

The check mixes pages (vm_pgoff) with bytes (vm_start, vm_end) on one
side of the comparison, and uses resource address (rather than just the
resource size) on the other side of the comparison.
This can allow malicious userspace to easily bypass the boundary check and
map pages that are located outside memory-region reserved by the driver.

Fixes: 01c60dcea9f7 ("drivers/misc: Add Aspeed P2A control driver")
Cc: stable@vger.kernel.org
Signed-off-by: Iwona Winiarska <iwona.winiarska@intel.com>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Tested-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Joel Stanley <joel@aj.id.au>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>