[PATCH] blk-map: add kernel address validation in blk_rq_map_kern func


 



From: renxudong <renxudong1@xxxxxxxxxx>

The blk_rq_map_kern function is used to map kernel data to a request,
in which the kbuf parameter should be a valid kernel buffer. However,
kbuf is only checked for NULL in blk_rq_map_kern.

If users pass a non-kernel address to blk_rq_map_kern in the
non-aligned scenario, the invalid kbuf will be set to bio->bi_private.
When the request is completed, bio_copy_kern_endio_read will be called
to copy data to the kernel address in bio->bi_private. If the bi_private
is not a valid kernel address, the system will oops. In this case, we
cannot judge whether the bio structure is damaged or the kernel address is
invalid.

Here, we add kernel address validation by calling virt_addr_valid.

Signed-off-by: renxudong <renxudong1@xxxxxxxxxx>
Reviewed-by: Zhiqiang Liu <liuzhiqiang26@xxxxxxxxxx>
---
 block/blk-map.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/blk-map.c b/block/blk-map.c
index 3a62e471d81b..7deb1b44d1e3 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -229,7 +229,7 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf,

 	if (len > (queue_max_hw_sectors(q) << 9))
 		return -EINVAL;
-	if (!len || !kbuf)
+	if (!len || !virt_addr_valid(kbuf))
 		return -EINVAL;

 	do_copy = !blk_rq_aligned(q, addr, len) || object_is_on_stack(kbuf);
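Review bot: the new test `if (!len || !virt_addr_valid(kbuf))` rejects more than bad pointers, and it sits in front of the `object_is_on_stack(kbuf)` case on the unchanged line directly below. virt_addr_valid() is only true for addresses in the kernel linear map, so vmalloc-backed buffers fail it, and that includes on-stack buffers on kernels built with vmapped stacks; those callers currently reach the do_copy bounce path and would now get -EINVAL. The check also covers only the first byte of the buffer, not kbuf + len - 1, and it runs unconditionally although the commit message describes the problem only for the non-aligned (copy) case. Suggest keeping `!kbuf` as the hard error and, if validation is still wanted, limiting it to the path that stores kbuf in bio->bi_private, with the end of the range checked as well and the rejected address types documented in the function's kerneldoc.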
-- 
2.24.0.windows.2



